CVE-2019-19167
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tobesoft | Nexacro14 | 2019.9.25.1 <= 14.0.1.3400 | affected |
Weaknesses
- CWE-494: CWE-494 Download of Code Without Integrity Check
ADP Enrichment
CVE Program Container
Additional References
- http://support.tobesoft.co.kr/Support/index.html
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358
References
- http://support.tobesoft.co.kr/Support/index.html
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.