Search criteria
2 vulnerabilities by kaoni
CVE-2020-7812 (GCVE-0-2020-7812)
Vulnerability from cvelistv5 – Published: 2020-05-28 13:12 – Updated: 2024-08-04 09:41
VLAI
Title
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability
Summary
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.
Severity
7.8 (High)
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kaoni.com/ | x_refsource_MISC |
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaoni | ezHTTPTrans |
Affected:
1.0.0.70 , ≤ 1.0.0.90
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kaoni.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ezHTTPTrans",
"vendor": "Kaoni",
"versions": [
{
"lessThanOrEqual": "1.0.0.90",
"status": "affected",
"version": "1.0.0.70",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Eunsol Lee for this vulnerability report."
}
],
"descriptions": [
{
"lang": "en",
"value": "Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim\u2019s PC."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-28T13:12:54.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kaoni.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7812",
"STATE": "PUBLIC",
"TITLE": "Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ezHTTPTrans",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0.0.70",
"version_value": "1.0.0.90"
}
]
}
}
]
},
"vendor_name": "Kaoni"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Eunsol Lee for this vulnerability report."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim\u2019s PC."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kaoni.com/",
"refsource": "MISC",
"url": "http://www.kaoni.com/"
},
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7812",
"datePublished": "2020-05-28T13:12:54.000Z",
"dateReserved": "2020-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:41:01.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7813 (GCVE-0-2020-7813)
Vulnerability from cvelistv5 – Published: 2020-05-22 13:05 – Updated: 2024-08-04 09:41
VLAI
Title
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability
Summary
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.
Severity
7.8 (High)
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kaoni.com/ | x_refsource_MISC |
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaoni | ezHTTPTrans |
Affected:
1.0.0.70 , ≤ 1.0.0.90
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kaoni.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ezHTTPTrans",
"vendor": "Kaoni",
"versions": [
{
"lessThanOrEqual": "1.0.0.90",
"status": "affected",
"version": "1.0.0.70",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Eunsol Lee for this vulnerability report."
}
],
"descriptions": [
{
"lang": "en",
"value": "Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-22T13:05:13.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kaoni.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7813",
"STATE": "PUBLIC",
"TITLE": "Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ezHTTPTrans",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0.0.70",
"version_value": "1.0.0.90"
}
]
}
}
]
},
"vendor_name": "Kaoni"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Eunsol Lee for this vulnerability report."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kaoni.com/",
"refsource": "MISC",
"url": "http://www.kaoni.com/"
},
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7813",
"datePublished": "2020-05-22T13:05:13.000Z",
"dateReserved": "2020-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:41:01.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}