CVE-2020-7804: OS Command Injection
First published: Wed Apr 29 2020(Updated: )
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
Credit: vuln@krcert.or.kr
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Handysoft Groupware | =1.7.3.1 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7804?
CVE-2020-7804 is a vulnerability in ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 that allows an attacker to execute arbitrary commands via the ShellExec method.
What is the severity of CVE-2020-7804?
The severity of CVE-2020-7804 is high with a severity value of 7.2.
How can an attacker exploit CVE-2020-7804?
An attacker can exploit CVE-2020-7804 by using the ShellExec method of the ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 to execute arbitrary commands.
Which versions of Handy Groupware are affected by CVE-2020-7804?
Handy Groupware 1.7.3.1 is the specific version affected by CVE-2020-7804.
Are Microsoft Windows 7, 8, and 10 vulnerable to CVE-2020-7804?
No, Microsoft Windows 7, 8, and 10 are not vulnerable to CVE-2020-7804.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/handysoft
- canonical/handysoft groupware
- version/handysoft groupware/1.7.3.1
- vendor/microsoft
- canonical/microsoft windows 10
- canonical/microsoft windows 7
- canonical/microsoft windows 8