본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19168 | Dext5 Upload ActiveX file download and execution vulnerability2020.04.29
□ Overview
o RAONwiz Co,Ltd released security update to address a file download and execution vulnerability in Dext5 Upload
Vulnerability Type Impact Severity CVSS Score CVE ID
File download & execution Code Execution High 7.8 CVE-2019-19168
 
□ Description
o Dext5.ocx ActiveX Control in Dext5 Upload contains a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.(CVE-2019-19168)
 
□ Affected Product
Product Version PlatForm
Dext.ocx ActiveX Control in Dext5 Upload 5.0.0.116 and prior Windows
 
□ Solution
o Update software over Dext5.ocx ActiveX Control 5.0.0.117 version or higher.
 
□ Reference
[1] http://www.dext5.com/page/support/notice_view.aspx?pSeq=26
 
 
 
□ 작성 : 침해사고분석단 취약점분석팀