Описание
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 14.0.0.0 (включая) до 14.0.1.3600 (исключая)
Одновременно
cpe:2.3:a:tobesoft:nexacro:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00233
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-494
CWE-494
Связанные уязвимости
github
больше 3 лет назад
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
EPSS
Процентиль: 46%
0.00233
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-494
CWE-494