□ Overview
o handysoft Co.,Ltd released security update to address arbitrary file download and execution vulnerability in HShell.dll(ActiveX module)
Vulnerability
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
Mission support for
integrity check |
arbitrary file download
and execution |
High |
8.8 |
CVE-2021-26608 |
□ Description
o An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module.(CVE-2021-26608)
o This issue is due to missing support for integrity check of download URL or downloaded file hash.
□ Affected Product
Affected Product
| Product |
Version |
Platform |
| HShell.dll |
1.7.4.5
2.0.3.5
4.0.1.6 |
Windows |
□ Solution
o Update software following version or higher.
- HShell.dll 1.7.4.6, 2.0.3.6, 4.0.1.7
□ Reference
[1] https://www.handysoft.co.kr/product/product.html?seq=12
□ Etc
o Thanks to Heehyun Kim for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
