PT-2020-10070 · Inogard · Inogard Ebiz4U Activex

Published: 2020-04-29 · Updated: 2020-05-11 · CVE-2019-19165

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Inogard Ebiz4u ActiveX versions 1.0.5.0 and later

Description

The issue allows remote files to be downloaded and executed by setting arguments to the ActiveX method, specifically in the AxECM.cab ActiveX control. This enables an attacker to cause a file download to a Windows user's folder and execute it. The vulnerability is related to the download of code without an integrity check in the ActiveX control.

Recommendations

For Inogard Ebiz4u ActiveX versions 1.0.5.0 and later, consider disabling the AxECM.cab ActiveX control until a patch is available to prevent remote file execution. Restrict access to the ActiveX method to minimize the risk of exploitation. Avoid using the affected ActiveX control on Windows 7/8/10 systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2019-19165

Affected Products

Axecm.Cab Activex Control
Inogard Ebiz4U Activex
Windows