
Security Advisory

CVE-2020-7877 | ZOOK Buffer Overflow Vulnerability
2021.09.02
□ Overview
 o Mastersoft Co., Ltd. released a security update to address a buffer overflow vulnerability in ZOOK solution (remote administration tool).

 Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
 Buffer Overflow | Command Execution | High | 8.0 | CVE-2020-7877

□ Description
 o A buffer overflow issue was discovered in ZOOK solution (remote administration tool): a crafted OUTERIP value is parsed without a boundary check while the 'ConnectMe' command is processed. (CVE-2020-7877)
 o This vulnerability allows an attacker to execute arbitrary commands.

□ Affected Product
 Product | Version | Platform
 ZOOKViewer_Setup.exe | 2.0.4.6 | Windows
 ZOOKAgentSetup.exe | 2.0.6.1 | Windows

□ Solution
 o Update to ZOOKViewer_Setup.exe version 2.0.8.3 or higher and ZOOKAgentSetup.exe version 2.1.0.1 or higher.
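
 Added example (not part of the original advisory, nor vendor code): a Python triage of a software inventory against the version numbers above. The CSV layout, host names and status labels are assumptions; versions are compared numerically, so 2.0.10.0 is not mistaken for a build older than 2.0.8.3.

```python
import csv
import io

# Versions are from the advisory: product -> (listed affected, first fixed).
ADVISORY = {
    "ZOOKViewer_Setup.exe": ("2.0.4.6", "2.0.8.3"),
    "ZOOKAgentSetup.exe": ("2.0.6.1", "2.1.0.1"),
}

def parse_version(text):
    """Turn '2.0.8.3' into (2, 0, 8, 3); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return listed-affected, below-fixed, fixed, unknown-product or bad-version."""
    entry = ADVISORY.get(product)
    if entry is None:
        return "unknown-product"
    try:
        have = parse_version(version)
    except ValueError:
        return "bad-version"
    affected, fixed = (parse_version(v) for v in entry)
    if have >= fixed:
        return "fixed"
    # Assumption: a build below the fixed version that the advisory does not
    # name is still flagged for update, as the Solution section directs.
    return "listed-affected" if have == affected else "below-fixed"

def triage(inventory_csv):
    """Yield (host, product, version, status); CSV columns are an assumed layout."""
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        yield (row["host"], row["product"], row["version"],
               classify(row["product"], row["version"]))

# Constructed sample inventory (host names and rows are made up).
SAMPLE = """host,product,version
ws-01,ZOOKViewer_Setup.exe,2.0.4.6
ws-02,ZOOKViewer_Setup.exe,2.0.10.0
srv-01,ZOOKAgentSetup.exe,2.0.9.9
srv-02,ZOOKAgentSetup.exe,2.1.0.1
srv-03,ZOOKAgentSetup.exe,unknown
"""

if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE):
        print(f"{host:7} {product:22} {version:9} {status}")
```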

□ Reference
 [1] https://zook.co.kr/downloads.html

□ Etc
 o Thanks to Jeongun Baek for reporting this vulnerability.


□ Written by: Vulnerability Analysis Team, Incident Analysis Division