Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: krcert
Published: 2021-09-09T12:49:59
Updated: 2021-09-09T12:49:59
Reserved: 2020-01-22T00:00:00
Link: CVE-2020-7874
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-09T13:15:08.437
Modified: 2021-09-22T13:59:10.590
Link: CVE-2020-7874
JSON object: View
Redhat Information
No data.
CWE