본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2022-23763 | DOUZONE BIZON NeoRS file download and execute vulnerability2022.06.28
□ Overview
 o DOUZONE BIZON Co.,Ltd released security update to address Origin validation error vulnerability in NeoRS(Remote Assistance Program).
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
Origin validation error arbitrary file download
and execution
High 7.8 CVE-2022-23763

□ Description
 o Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files.
 o Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections.

□ Affected Product
Affected Product
Product Version Platform
NeoRS prior of 2021.3.10.1 Windows

□ Solution
 o Update software over NeoRS 2022.3.4.1 version or higher.

□ Reference
 [1] https://www.douzone.com/main/index.jsp

□ Etc
 o Thanks to Kim hee hyun for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀