CVE-2019-19165

EPSS 0.25%
Veröffentlicht 29.04.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 04:34:16
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inogard ≫ Activex Version < 1.0.5.0

   Microsoft ≫ Windows 10 Version-
   Microsoft ≫ Windows 7 Version-
   Microsoft ≫ Windows 8 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.477

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
vuln@krcert.or.kr	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

http://www.ebiz4u.co.kr/home.do

Vendor Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-19165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-19165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-19165

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-19165