Search criteria
3 vulnerabilities found for cymiinstaller322_activex by cymiinstaller322_activex_project
FKIE_CVE-2019-19161
Vulnerability from fkie_nvd - Published: 2020-06-30 14:15 - Updated: 2024-11-21 04:34
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.
References
| URL | Tags | ||
|---|---|---|---|
| vuln@krcert.or.kr | https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479 | Third Party Advisory | |
| vuln@krcert.or.kr | https://www.tobesoft.com/Index.do | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tobesoft.com/Index.do | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cymiinstaller322_activex_project | cymiinstaller322_activex | * | |
| microsoft | windows_10 | - | |
| microsoft | windows_7 | - | |
| microsoft | windows_8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cymiinstaller322_activex_project:cymiinstaller322_activex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13298A6F-7976-4571-91E4-773AEDD691D5",
"versionEndIncluding": "2016.5.26.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
},
{
"lang": "es",
"value": "CyMiInstaller322 ActiveX que ejecuta MIPLATFORM, descarga unos archivos necesarios para ejecutar aplicaciones. Una vulnerabilidad en la descarga de archivos por CyMiInstaller322 ActiveX causada por un atacante para descargar archivos DLL generados aleatoriamente y MIPLATFORM para cargar esas DLL debido a una verificaci\u00f3n insuficiente"
}
],
"id": "CVE-2019-19161",
"lastModified": "2024-11-21T04:34:16.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T14:15:11.173",
"references": [
{
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
},
{
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tobesoft.com/Index.do"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tobesoft.com/Index.do"
}
],
"sourceIdentifier": "vuln@krcert.or.kr",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-19161 (GCVE-0-2019-19161)
Vulnerability from cvelistv5 – Published: 2020-06-30 13:34 – Updated: 2024-08-05 02:09
VLAI?
Title
To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,
Summary
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.
Severity ?
7.2 (High)
CWE
- Missing support for integrity check
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TOBESOFT.CO.LTD | MIPLATFORM |
Affected:
unspecified , ≤ 2016.5.26.1
(custom)
|
Credits
Jeongun Baek
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tobesoft.com/Index.do"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIPLATFORM",
"vendor": "TOBESOFT.CO.LTD",
"versions": [
{
"lessThanOrEqual": "2016.5.26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeongun Baek"
}
],
"descriptions": [
{
"lang": "en",
"value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing support for integrity check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T13:34:40",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tobesoft.com/Index.do"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19161",
"STATE": "PUBLIC",
"TITLE": "To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIPLATFORM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2016.5.26.1"
}
]
}
}
]
},
"vendor_name": "TOBESOFT.CO.LTD"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeongun Baek"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing support for integrity check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tobesoft.com/Index.do",
"refsource": "MISC",
"url": "https://www.tobesoft.com/Index.do"
},
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2019-19161",
"datePublished": "2020-06-30T13:34:40",
"dateReserved": "2019-11-21T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19161 (GCVE-0-2019-19161)
Vulnerability from nvd – Published: 2020-06-30 13:34 – Updated: 2024-08-05 02:09
VLAI?
Title
To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,
Summary
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.
Severity ?
7.2 (High)
CWE
- Missing support for integrity check
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TOBESOFT.CO.LTD | MIPLATFORM |
Affected:
unspecified , ≤ 2016.5.26.1
(custom)
|
Credits
Jeongun Baek
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tobesoft.com/Index.do"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIPLATFORM",
"vendor": "TOBESOFT.CO.LTD",
"versions": [
{
"lessThanOrEqual": "2016.5.26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeongun Baek"
}
],
"descriptions": [
{
"lang": "en",
"value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing support for integrity check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T13:34:40",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tobesoft.com/Index.do"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19161",
"STATE": "PUBLIC",
"TITLE": "To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIPLATFORM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2016.5.26.1"
}
]
}
}
]
},
"vendor_name": "TOBESOFT.CO.LTD"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeongun Baek"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing support for integrity check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tobesoft.com/Index.do",
"refsource": "MISC",
"url": "https://www.tobesoft.com/Index.do"
},
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2019-19161",
"datePublished": "2020-06-30T13:34:40",
"dateReserved": "2019-11-21T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}