Описание
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:handysoft:hshell:1.7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:handysoft:hshell:2.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:handysoft:hshell:4.0.1.6:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00233
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-353
CWE-345
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
EPSS
Процентиль: 46%
0.00233
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-353
CWE-345