본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7860 | UnEGG Integer overflow vulnerability2021.04.28
□ Overview
  o Estsoft Co,Ltd release security update to address a integer overflow vulnerability in UnEGG.
Vulnerability Type Impact Severity CVSS Score CVE-ID
Integer overflow arbitrary file execution High 7.8 CVE-2020-7860

□ Description
  o UnEGG has a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is      mishandled by UnEGG. Attackers could exploit this and arbitrary code execution.(CVE-2020-7860)

□ Affected Product
Product Version
UnEGG UnEGG v0.5
 
□ Solution
  o Update software over UnEGG 1.0 version or higher.

□ Acknowledgements
  o Thanks to Jaeyeong Jeong for reporting these vulnerabilities.
 
□ Reference
  [1] https://www.altools.co.kr/Download/ALZip.aspx

□ 작성 : 침해사고분석단 취약점분석팀