PT-2020-19809 · Kaoni · Ezhttptrans
Eunsol Lee · Published 2020-05-28 · Updated 2020-05-28 · CVE-2020-7812
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Kaoni ezHTTPTrans versions 1.0.0.70 and prior
Description
The issue allows a remote attacker to download arbitrary files by setting specific arguments to an ActiveX method, potentially leading to code execution if the victim's PC is rebooted.
Recommendations
For versions 1.0.0.70 and prior, consider disabling the vulnerable ActiveX control until a patch is available. Restrict access to the affected ActiveX method to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ezhttptrans