o tobesoft Co.,Ltd released security update to address arbitrary file download and execution vulnerability in NEXACRO14 Runtime plugin.
|Download of code without
|arbitrary file download and
o Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary
file download and execution.(CVE-2020-7874)
o This vulnerability is due to incomplete validation of file download URL or file extension.
□ Affected Product
||prior to 220.127.116.1100
o Update software over NEXACRO14 18.104.22.16800 version or higher.
o Thanks to Jeongun Baek for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀