CVE-2020-7880

The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:douzone:neors:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36367 - Third Party Advisory () https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36367 - Third Party Advisory
CVSS v2 : 9.3
v3 : 8.8
v2 : 9.3
v3 : 7.5

Information

Published : 2021-11-30 19:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7880

Mitre link : CVE-2020-7880

CVE.ORG link : CVE-2020-7880


JSON object : View

Products Affected

microsoft

  • windows

douzone

  • neors
CWE
CWE-20

Improper Input Validation