CVE-2019-12809 | Yes24Viewer ActiveX File Download and Execution Vulnerability2019.08.14
o YES24 released security update to address file download and execution vulnerability in Yes24ViewerX ActiveX Control.
Arbitrary code execution
o Yes24Viewer ActiveX Control contains a vulnerability that could allow remote attackers to download and execute arbitrary file by setting the argument to the ActiveX method.
o This can be leveraged for arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
□ Affected Product
1.0.327.50126 and prior
o Update software over Yes24 Viewer ActiveX 1.0.468.1016 version