o handysoft Co.,Ltd released security update to address arbitrary file download and execution vulnerability in HShell.dll(ActiveX module)
|Mission support for
|arbitrary file download
o An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module.(CVE-2021-26608)
o This issue is due to missing support for integrity check of download URL or downloaded file hash.
□ Affected Product
o Update software following version or higher.
- HShell.dll 22.214.171.124, 126.96.36.199, 188.8.131.52
o Thanks to Heehyun Kim for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀