
Security Advisory

CVE-2020-7877 | ZOOK Buffer Overflow Vulnerability
2021.09.02
□ Overview
 o Mastersoft Co.,Ltd released a security update to address a buffer overflow vulnerability in the ZOOK solution (remote administration tool).
Vulnerability
Vulnerability Type | Impact            | Severity | CVSS Score | CVE ID
Buffer Overflow    | Command Execution | High     | 8.0        | CVE-2020-7877

□ Description
 o A buffer overflow was discovered in the ZOOK solution (remote administration tool). It occurs while processing the 'ConnectMe' command, when a crafted OUTERIP value is parsed without a boundary check. (CVE-2020-7877)
 o This vulnerability allows an attacker to execute arbitrary commands.
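
The missing check described above, shown as an added example (not Mastersoft's code and not part of the original advisory): a bounds-checked extraction of an OUTERIP field in C. The "OUTERIP=<value>;" message layout, the function names and the 15-byte limit are assumptions made for illustration; the advisory does not document the ConnectMe wire format.

```c
#include <stddef.h>
#include <string.h>

#define OUTERIP_MAX 15  /* longest dotted quad: "255.255.255.255" */

/* Returns 1 if s[0..len) is a dotted-quad IPv4 address, else 0. */
static int is_ipv4(const char *s, size_t len)
{
    int octets = 0, digits = 0, value = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && s[i] >= '0' && s[i] <= '9') {
            value = value * 10 + (s[i] - '0');
            if (++digits > 3 || value > 255) return 0;
        } else if (i == len || s[i] == '.') {
            if (digits == 0) return 0;      /* empty octet, e.g. "1..2" */
            octets++; digits = 0; value = 0;
        } else {
            return 0;                       /* any other byte is rejected */
        }
    }
    return octets == 4;
}

/* Extracts the OUTERIP value from msg (msg_len bytes, need not be
 * NUL-terminated) into out. Returns 0 on success, -1 on rejection. */
int parse_outerip(const char *msg, size_t msg_len, char *out, size_t out_size)
{
    static const char key[] = "OUTERIP=";   /* assumed field syntax */
    const size_t klen = sizeof key - 1;
    if (!msg || !out || out_size == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i + klen <= msg_len; i++) {
        if (memcmp(msg + i, key, klen) != 0) continue;
        const char *val = msg + i + klen;
        size_t vlen = 0;
        while (i + klen + vlen < msg_len && val[vlen] != ';') vlen++;
        /* Boundary check: the length is tested against the protocol
         * maximum and the destination size before any byte is copied. */
        if (vlen > OUTERIP_MAX || vlen >= out_size) return -1;
        if (!is_ipv4(val, vlen)) return -1;
        memcpy(out, val, vlen);
        out[vlen] = '\0';
        return 0;
    }
    return -1;                              /* field not present */
}
```

An unchecked strcpy or sprintf of the same field into a fixed-size buffer is the pattern this replaces; here an oversized or malformed value is rejected and the output buffer is left empty.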

□ Affected Product
Affected Product
Product                                  | Version          | Platform
ZOOKViewer_Setup.exe, ZOOKAgentSetup.exe | 2.0.4.6, 2.0.6.1 | Windows

□ Solution
 o Update to ZOOKViewer_Setup.exe version 2.0.8.3 or higher and ZOOKAgentSetup.exe version 2.1.0.1 or higher.

□ Reference
 [1] https://zook.co.kr/downloads.html

□ Etc
 o Thanks to Jeongun Baek for reporting this vulnerability.


□ Written by: Incident Analysis Group, Vulnerability Analysis Team