Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.
References
Link | Resource |
---|---|
http://www.dext5.com/page/support/notice_view.aspx?pSeq=26 | Vendor Advisory |
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352 | Third Party Advisory |
http://www.dext5.com/page/support/notice_view.aspx?pSeq=26 | Vendor Advisory |
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.dext5.com/page/support/notice_view.aspx?pSeq=26 - Vendor Advisory | |
References | () https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.8 |
Information
Published : 2020-05-06 13:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19168
Mitre link : CVE-2019-19168
CVE.ORG link : CVE-2019-19168
JSON object : View
Products Affected
microsoft
- activex
raonwiz
- dext5
CWE