CVE-2020-7812

EPSS 0.75%
Veröffentlicht 28.05.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:37:51
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kaoni ≫ Ezhttptrans Version <= 1.0.0.70

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.5

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
vuln@krcert.or.kr	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

http://www.kaoni.com/

Vendor Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7812

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7812

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7812

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7812