CVE-2020-7810 | HandySoft ActiveX File Download and Execution Vulnerability2020.08.07
o Handysoft, Inc. released security update to address file download and execution vulnerability in Groupware ActiveX Control.
File Donwload and Execution
o hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. (CVE-2020-7810)
o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
□ Affected Product
126.96.36.199 and prior
7.3.4 and prior
o Update software over hslogin2.dll ActiveX Control 188.8.131.5202 / 184.108.40.206 version or higher.
o Thanks to Eunsol Lee for reporting this vulnerability.