본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26608 | handysoft groupware arbitrary file download and execution vulnerability2021.09.08
□ Overview
 o handysoft Co.,Ltd released security update to address arbitrary file download and execution vulnerability in HShell.dll(ActiveX module)
Vulnerability Type Impact Severity CVSS Score CVE ID
Mission support for
integrity check
arbitrary file download
and execution
High 8.8 CVE-2021-26608

□ Description
 o An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module.(CVE-2021-26608)
 o This issue is due to missing support for integrity check of download URL or downloaded file hash.

□ Affected Product
Product Version Platform
HShell.dll 1.7.4.5
2.0.3.5
4.0.1.6
Windows

□ Solution
 o Update software following version or higher.
   - HShell.dll 1.7.4.6, 2.0.3.6, 4.0.1.7

□ Reference
 [1] https://www.handysoft.co.kr/product/product.html?seq=12

□ Etc
 o Thanks to Heehyun Kim for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀