CVE-2019-12809

2019-08-1518:53:58

CWE-494

krcert

www.cve.org

9 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.

CNA Affected

[
  {
    "product": "YES24 PC VIEWER",
    "vendor": "YES24",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.327.50126"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35117