본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7810 | HandySoft ActiveX File Download and Execution Vulnerability2020.08.07
□ Overview
 o Handysoft, Inc. released security update to address file download and execution vulnerability in Groupware ActiveX Control.
Vulnerability Type Impact Severity CVSS Score CVE ID
File Donwload and Execution Code Execution High 8.8 CVE-2020-7810

□ Description
 o hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. (CVE-2020-7810)
 o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.

□ Affected Product
Product Version Platform
hslogin2.dll 6.7.8.4 and prior
7.3.4 and prior
Windows

□ Solution
 o Update software over hslogin2.dll ActiveX Control 6.7.8.9002 / 7.3.4.1 version or higher.

​□ Reference
[1] http://www.handysoft.co.kr/en/

□ Acknowledgements
 o Thanks to Eunsol Lee for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀