First published: Thu May 07 2020(Updated: )
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
Credit: vuln@krcert.or.kr
Affected Software | Affected Version | How to fix |
---|---|---|
Raonwiz Dext5 | =2.7 | |
Microsoft Activex | <=5.0.0.112 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-19164.
The severity of CVE-2019-19164 is high with a CVSS score of 8.8.
The affected software for CVE-2019-19164 is Dext5 Upload versions 5.0.0.112 and earlier, as well as Microsoft ActiveX.
An attacker can exploit CVE-2019-19164 by inducing a user to access a crafted web page that executes remote files by setting arguments to the ActiveX method.
Yes, you can find more information about CVE-2019-19164 in the references provided: http://www.dext5.com/page/support/notice_view.aspx?pSeq=23 and https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344.