CVE-2020-7803 - OpenCVE

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Imgtech	Zoneplayer
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:imgtech:zoneplayer:2.0.1.3:::::::*
	cpe:2.3:a:imgtech:zoneplayer:2.0.1.4:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.zoneplayer.co.kr/	Product Vendor Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: krcert

Published: 2020-05-07T17:49:26

Updated: 2020-05-07T17:49:26

Reserved: 2020-01-22T00:00:00

Link: CVE-2020-7803

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-05-07T18:15:11.413

Modified: 2020-08-06T13:34:08.213

Link: CVE-2020-7803

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Zoneplayer", "vendor": "IMGTech Co,Ltd", "versions": [{"status": "affected", "version": "2.0.1.4 and prior"}]}], "credits": [{"lang": "en", "value": "Yu, Donghyun"}], "descriptions": [{"lang": "en", "value": "IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-07T17:49:26", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.zoneplayer.co.kr/"}], "source": {"discovery": "UNKNOWN"}, "title": "Zoneplayer ActiveX File Download Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2020-7803", "STATE": "PUBLIC", "TITLE": "Zoneplayer ActiveX File Download Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zoneplayer", "version": {"version_data": [{"version_value": "2.0.1.4 and prior"}]}}]}, "vendor_name": "IMGTech Co,Ltd"}]}}, "credit": [{"lang": "eng", "value": "Yu, Donghyun"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346", "refsource": "CONFIRM", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346"}, {"name": "http://www.zoneplayer.co.kr/", "refsource": "CONFIRM", "url": "http://www.zoneplayer.co.kr/"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2020-7803", "datePublished": "2020-05-07T17:49:26", "dateReserved": "2020-01-22T00:00:00", "dateUpdated": "2020-05-07T17:49:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imgtech:zoneplayer:2.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD28A07B-C8D5-44DF-831B-C60FE8A105C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:imgtech:zoneplayer:2.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "52197F9D-EA6D-4AB8-A913-DD0DA9F73A3A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution."}, {"lang": "es", "value": "IMGTech Co,Ltd ZInsX.ocx ActiveX Control en Zoneplayer versi\u00f3n 2.0.1.3, y versi\u00f3n 2.0.1.4 y versiones anteriores en Windows. Una vulnerabilidad de Descarga de Archivo en ZInsX.ocx de IMGTech Co, Ltd Zoneplayer, permite a un atacante causar una ejecuci\u00f3n de c\u00f3digo arbitraria."}], "id": "CVE-2020-7803", "lastModified": "2020-08-06T13:34:08.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2020-05-07T18:15:11.413", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Product", "Vendor Advisory"], "url": "http://www.zoneplayer.co.kr/"}, {"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}