
Security Advisory

CVE-2021-26605 | unidocs ezPDFReader arbitrary command execution vulnerability
2021.07.30
□ Overview
 o unidocs, inc. released a security update to address an arbitrary command execution vulnerability in ezPDFReader.

| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Improper input validation | Arbitrary command execution | High | 7.5 | CVE-2021-26605 |


□ Description
 o An improper input validation vulnerability in the service of ezPDFReader allows an attacker to execute arbitrary commands.
 o This issue occurs when the ezPDF launcher receives and executes crafted input values through JSON-RPC communication. (CVE-2021-26605)

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| ezPDFWSLauncher.exe | 2.0 ~ 3.0 | Windows |

□ Solution
 o Update ezPDFReader according to the instructions on the unidocs website.
 
□ Reference sites
 [1] http://www.unidocs.co.kr/notice_view.do?boardSeq=00000000000000001624608347799000

□ Other
 o Thanks to Hyunmin Kim for reporting this vulnerability.
 


□ Prepared by: Incident Analysis Division, Vulnerability Analysis Team