CVE-2021-26618

Опубликовано: 18 фев. 2022

Источник: nvd

CVSS3: 7.1

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.

Ссылки

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36456
Third Party Advisory
VDB Entry
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36456
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:tmax:tooffice:*:*:*:*:*:*:*:*

Версия до 3.15.6 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00425

Низкий

7.1 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-p8wr-x64w-fh22

github

почти 4 года назад

An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.

EPSS

Процентиль: 62%

0.00425

Низкий

7.1 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20