본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7867 | Helpu arbitrary file creation vulnerability2021.10.26
□ Overview
 o Helpu released security update to address arbitrary file creation vulnerability in Helpu.(remote administration solution)
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper input validation arbitrary file creation
and execution
High 8.0 CVE-2020-7867

□ Description
 o An improper input validation vulnerability in Helpu solution allow a local attacker to arbitrary file creation and execution without click file transfer menu.
 o It is possible to file in arbitrary directory for user because the viewer program receive the file from agent program with privilege of administrator.

□ Affected Product
Product Version Platform
HelpuViewer.exe 2018.5.21.0 Windows

□ Solution
 o Update software over HelpuViewer.exe 2020.11.20.0 version or higher.

□ Reference
 [1] https://helpu.co.kr/helpu/helpu.html

□ Etc
 o Thanks to Jeongun Baek for reporting this vulnerability.

 


□ 작성 : 침해사고분석단 취약점분석팀