CVE-2021-26608
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| handysoft | HShell.dll | 1.7.4.5 | affected |
| handysoft | HShell.dll | 2.0.3.5 | affected |
| handysoft | HShell.dll | 4.0.1.6 | affected |
Weaknesses
- CWE-353: CWE-353 Missing Support for Integrity Check
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.