CVE-2020-7810
HandySoft ActiveX File Download and Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.
El ActiveX Control hslogin2.dll en Groupware, contiene una vulnerabilidad que podría permitir que archivos remotos sean descargados y ejecutados al configurar los argumentos en el método activex. Esto es debido a una falta de comprobación de la integridad de los archivos de políticas a los que se hace referencia en el proceso de actualización, y un atacante remoto podría inducir a un usuario a diseñar una página web, causando daños como una infección de código malicioso
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-22 CVE Reserved
- 2020-08-07 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-353: Missing Support for Integrity Check
- CWE-354: Improper Validation of Integrity Check Value
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.handysoft.co.kr/en | Product | |
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35551 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Handysoft Search vendor "Handysoft" | Hslogin2.dll Search vendor "Handysoft" for product "Hslogin2.dll" | <= 6.7.8.4 Search vendor "Handysoft" for product "Hslogin2.dll" and version " <= 6.7.8.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Handysoft Search vendor "Handysoft" | Hslogin2.dll Search vendor "Handysoft" for product "Hslogin2.dll" | >= 7.0.0 <= 7.3.4 Search vendor "Handysoft" for product "Hslogin2.dll" and version " >= 7.0.0 <= 7.3.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|