The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36367 | Third Party Advisory |
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36367 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 05:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36367 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 7.5 |
Information
Published : 2021-11-30 19:15
Updated : 2024-11-21 05:37
NVD link : CVE-2020-7880
Mitre link : CVE-2020-7880
CVE.ORG link : CVE-2020-7880
JSON object : View
Products Affected
microsoft
- windows
douzone
- neors
CWE
CWE-20
Improper Input Validation