본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19169 | Dext5 Upload ActiveX file download vulnerability2020.04.29
□ Overview
o RAONwiz Co,Ltd released security update to address a file download vulnerability in Dext5 Upload
Vulnerability Type Impact Severity CVSS Score CVE ID
File download Code Execution High 7.8 CVE-2019-19169
 
□ Description
o Dext5.ocx ActiveX Control in Dext5 Upload contains a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.
(CVE-2019-19169)
 
□ Affected Product
Product Version PlatForm
Dext.ocx ActiveX Control in Dext5 Upload 5.0.0.116 and prior Windows
 
□ Solution
o Update software over dext5.ocx ActiveX Control 5.0.0.117 version or higher.
 
□ Reference
[1] http://www.dext5.com/page/support/notice_view.aspx?pSeq=26
 
□ 작성 : 침해사고분석단 취약점분석팀