o DOUZONE ICT GROUP. released security update to address file download and execution vulnerability in Groupware ActiveX Control.
|File Download and Execution
o NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. (CVE-2020-7850)
o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
□ Affected Product
||220.127.116.11 and prior
o Update software over NBBDownloader.ocx ActiveX Control 18.104.22.168 version or higher.
□ 작성 : 침해사고분석단 취약점분석팀