CVE-2021-26608

Summary

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

Affected Software

VendorProductVersion RangeStatus
handysoftHShell.dll1.7.4.5affected
handysoftHShell.dll2.0.3.5affected
handysoftHShell.dll4.0.1.6affected

Weaknesses

  • CWE-353: CWE-353 Missing Support for Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References