What is CVE-2020-7810?

CVE-2020-7810 is a vulnerability in the hslogin2.dll ActiveX Control in Groupware that allows remote files to be downloaded and executed.

How does CVE-2020-7810 impact Handysoft Hslogin2.dll?

CVE-2020-7810 affects versions 6.7.8.4 to 7.3.4 of Handysoft Hslogin2.dll, allowing remote files to be downloaded and executed by setting the arguments to the ActiveX method.

What is the severity rating of CVE-2020-7810?

CVE-2020-7810 has a severity rating of 8.8 (high).

How can I fix CVE-2020-7810 vulnerability?

To fix the CVE-2020-7810 vulnerability, it is recommended to update to a version of Handysoft Hslogin2.dll that is not vulnerable or apply any patches or security updates provided by the vendor.

Are there any references for CVE-2020-7810?

Yes, you can find more information about CVE-2020-7810 at the following references: [Handysoft](http://www.handysoft.co.kr/en/) and [KRCERT](https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35551).

Vulnerability/
CVE-2020-7810

high

8.8

CWE

354 353

7/8/2020

16/9/2024

CVE-2020-7810: HandySoft ActiveX File Download and Execution Vulnerability

First published: Fri Aug 07 2020(Updated: )

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.

Credit: vuln@krcert.or.kr

Affected Software	Affected Version	How to fix
Handysoft Hslogin2.dll	<=6.7.8.4
Handysoft Hslogin2.dll	>=7.0.0<=7.3.4
Microsoft Windows

Remedy

Update software over hslogin2.dll ActiveX Control 6.7.8.9002 / 7.3.4.1 version or higher.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-7810?
CVE-2020-7810 is a vulnerability in the hslogin2.dll ActiveX Control in Groupware that allows remote files to be downloaded and executed.
How does CVE-2020-7810 impact Handysoft Hslogin2.dll?
CVE-2020-7810 affects versions 6.7.8.4 to 7.3.4 of Handysoft Hslogin2.dll, allowing remote files to be downloaded and executed by setting the arguments to the ActiveX method.
What is the severity rating of CVE-2020-7810?
CVE-2020-7810 has a severity rating of 8.8 (high).
How can I fix CVE-2020-7810 vulnerability?
To fix the CVE-2020-7810 vulnerability, it is recommended to update to a version of Handysoft Hslogin2.dll that is not vulnerable or apply any patches or security updates provided by the vendor.
Are there any references for CVE-2020-7810?
Yes, you can find more information about CVE-2020-7810 at the following references: [Handysoft](http://www.handysoft.co.kr/en/) and [KRCERT](https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35551).

collector/nvd-index
agent/weakness
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/author
agent/severity
agent/title
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/handysoft
canonical/handysoft hslogin2.dll
version/handysoft hslogin2.dll/6.7.8.4
version/handysoft hslogin2.dll/7.0.0
version/handysoft hslogin2.dll/7.3.4
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.