본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7875 | RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability2021.10.28
□ Overview
 o RAONWIZ Co.,Ltd released security update to address arbitrary remote code execution vulnerability in DEXT5 Upload ActiveX module.(file transfer solution)
Vulnerability Type Impact Severity CVSS Score CVE ID
Download of code without
integrity check
arbitrary remote code
execution
High 7.5 CVE-2020-7875

□ Description
 o DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting
the argument, variable in the activeX module. This can be leveraged for code execution. 

□ Affected Product
Product Version Platform
dext5.ocx(DEXT5 Upload Control) 5.0.0.117 Windows

□ Solution
 o Update the program over RAONWIZ DEXT5 Upload 5.0.0.118 version or higher.

□ Reference
 [1] http://www.dext5.com/page/support/notice_view.aspx?pSeq=26

□ Etc
 o Thanks to Dong-Hyeon Yu for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀