본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7873 | K-System WellComm file download and execution vulnerability2021.09.08
□ Overview
 o Younglimwon Co.,Ltd released security update to address download of code without integrity check vulnerability in K-System WellComm ActiveX control.
(groupware solution)
Vulnerability Type Impact Severity CVSS Score CVE ID
Download of code without
integrity check
arbitrary file download
and execution
High 8.8 CVE-2020-7873

□ Description
 o Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download
and execution. (CVE-2020-7873)

□ Affected Product
Product Version Platform
K-System WellComm 1.1, 4.0 Windows

□ Solution
 o Install the patch file if K-System WellComm to solve this vulnerability.

□ Reference
 [1] http://www.ksystem.co.kr

□ Etc
 o Thanks to Heehyun Kim for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀