PT-2020-19810 · Kaoni · Ezhttptrans
Eunsol Lee
·
Published
2020-05-22
·
Updated
2020-05-27
·
CVE-2020-7813
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kaoni ezHTTPTrans versions 1.0.0.70 and prior
Description
The issue allows a remote attacker to download and execute arbitrary files by setting the arguments to the ActiveX method, which can be leveraged for code execution.
Recommendations
For versions 1.0.0.70 and prior, consider disabling the ActiveX control until a patch is available to prevent remote attackers from downloading and executing arbitrary files.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ezhttptrans