o mastersoft released security update to address arbitrary file creation through Improper input validation and
directory traversing vulnerability in ZOOK. (remote administration tool)
|Improper input validation
||Arbitrary file creation
o An improper input validation vulnerability of ZOOK software(remote administration tool) could allow a remote attacker to create arbitrary file.
o The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. (CVE-2020-7868)
□ Affected Products
o Update software over ZOOKViewer_setup.exe 188.8.131.52 version or higher.
o Thanks to Jeongun Baek for reporting this vulnerability.
□ Reference site
□ 작성 : 침해사고분석단 취약점분석팀