PT-2019-15088 · Clipsoft · Rexpert+1

Published: 2019-10-30 · Updated: 2019-11-01 · CVE-2019-17325

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ClipSoft REXPERT version 1.0.0.527 and earlier

Description

The issue allows a remote attacker to upload arbitrary local files via the ActiveX method in RexViewerCtrl30.ocx, potentially leading to the disclosure of sensitive information. Exploitation requires user interaction: the user must visit a malicious web page.

Recommendations

For ClipSoft REXPERT version 1.0.0.527 and earlier, consider disabling the ActiveX method in RexViewerCtrl30.ocx as a temporary workaround until a patch is available. Restrict access to the RexViewerCtrl30.ocx module to minimize the risk of exploitation.
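
One way to apply the workaround on a Windows host is to set the Internet Explorer kill bit for the control. This script is an added example, not vendor or advisory code; it assumes that blocking the whole control in Internet Explorer (broader than disabling a single method) is acceptable. The advisory does not list the CLSID, so the script discovers it from the registry by file name.

```powershell
# Added example: set the IE kill bit for every COM class whose in-process
# server is RexViewerCtrl30.ocx. Run from an elevated prompt; use -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess)]
param([string]$OcxName = 'RexViewerCtrl30.ocx')

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'      # 32-bit registrations on 64-bit Windows
)
$compatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Find every CLSID whose InprocServer32 default value points at the OCX.
$clsids = foreach ($root in $clsidRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $sub = $_.OpenSubKey('InprocServer32')
        if ($sub) {
            $path = ([string]$sub.GetValue('')).Trim('"')
            if ($path -and ((Split-Path $path -Leaf) -ieq $OcxName)) { $_.PSChildName }
        }
    }
}
$clsids = @($clsids | Sort-Object -Unique)
if (-not $clsids) { Write-Warning "No registered COM class points at $OcxName."; return }

foreach ($clsid in $clsids) {
    foreach ($root in $compatRoots) {
        # Skip the WOW6432Node view on hosts where it does not exist.
        if (-not (Test-Path (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root $clsid
        if ($PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # Preserve any flags already present and OR in the kill bit.
            $cur = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
            Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -Type DWord -Value ([int]$cur -bor $KillBit)
            Write-Output "Kill bit set: $key"
        }
    }
}
```

The kill bit only affects hosts that honour it, such as Internet Explorer; removing the flag restores the control once a fixed version is installed.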

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-17325

Affected Products

Rexpert
Rexviewerctrl30.Ocx