Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-19165

AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.

Published

2020-04-29T16:15:11.667

Last Modified

2024-11-21T04:34:16.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-494
Type: Primary
CWE-494

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	inogard	activex	< 1.0.5.0	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8	-	No

References

http://www.ebiz4u.co.kr/home.do Vendor Advisory ([email protected])
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348 Third Party Advisory ([email protected])
http://www.ebiz4u.co.kr/home.do Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)