
Security Advisory

CVE-2020-7869 | ZOOK arbitrary file creation vulnerability
2021.06.22
□ Overview
 o Mastersoft released a security update to address arbitrary file creation through improper input validation and a directory traversal vulnerability in ZOOK (remote administration tool).
Vulnerability Type | Impact | Severity | CVSS | CVE ID
Improper input validation | Arbitrary file creation | Critical | 9.0 | CVE-2020-7869
 
□ Description
 o An improper input validation vulnerability in the ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary files.
 o The ZOOK viewer has a "Tight file CMD" function for creating files. An attacker could use "Tight file CMD" to create and execute arbitrary files in the ZOOK agent program without authorization. (CVE-2020-7868)
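
The input validation this class of flaw lacks, as an added example that is not code from this advisory or from the vendor: a file-creation handler that takes a name from the remote peer and must keep the write inside one directory. It assumes a hypothetical base directory `BASE_DIR` and hypothetical functions `naive_target`, `safe_target` and `audit`; `ntpath` applies Windows path rules on any OS.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: directory the agent is allowed to write received files into.
BASE_DIR = r"C:\ProgramData\ExampleAgent\incoming"
# Win32 device names that must never be used as a file name.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{i}" for p in ("COM", "LPT") for i in range(1, 10)}


def naive_target(requested: str) -> str:
    """'Before' form: joins the peer-supplied name to BASE_DIR unchecked."""
    return ntpath.normpath(ntpath.join(BASE_DIR, requested))


def safe_target(requested: str) -> str:
    """Return the write path inside BASE_DIR, or raise ValueError."""
    if not requested or "\x00" in requested:
        raise ValueError("empty name or embedded NUL")
    drive, rest = ntpath.splitdrive(requested.replace("/", "\\"))
    if drive or rest.startswith("\\"):
        raise ValueError("absolute, drive-relative or UNC path")
    for part in rest.split("\\"):
        if not part:
            raise ValueError("empty path component")
        if part[-1] in ". ":  # rejects '.', '..' and names Win32 would trim
            raise ValueError(f"component ends in dot or space: {part!r}")
        if ":" in part:       # NTFS alternate data stream syntax
            raise ValueError(f"colon in component: {part!r}")
        if part.split(".")[0].upper() in RESERVED:
            raise ValueError(f"reserved device name: {part!r}")
    candidate = ntpath.normpath(ntpath.join(BASE_DIR, rest))
    # Final containment check on the normalized, case-folded result.
    if not ntpath.normcase(candidate).startswith(ntpath.normcase(BASE_DIR) + "\\"):
        raise ValueError("resolved path leaves BASE_DIR")
    return candidate


def audit(names):
    """Map each requested name to ('ok', path) or ('rejected', reason)."""
    out = {}
    for n in names:
        try:
            out[n] = ("ok", safe_target(n))
        except ValueError as e:
            out[n] = ("rejected", str(e))
    return out


# Constructed sample requests, not taken from the advisory.
SAMPLES = ["report.txt", r"logs\a.txt", r"..\..\Windows\x.exe",
           "C:x.exe", r"\\host\share\x", "a.txt:s", "nul.txt"]
```

The check is lexical only; a handler that writes into a directory containing junctions or symbolic links also needs to verify the opened file's final path.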

□ Affected Products
Product | Version | OS
ZOOKViewer_setup.exe | 2.0.4.6 | Windows
 
□ Solution
 o Update ZOOKViewer_setup.exe to version 2.0.8.3 or higher.

□ Acknowledgements
 o Thanks to Jeongun Baek for reporting this vulnerability.
 
□ Reference site
 [1] https://www.zook.co.kr


□ Written by: Incident Analysis Division, Vulnerability Analysis Team