Design/Logic Flaw

2021-09-0913:15:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

CPENameOperatorVersion
hshelleq1.7.4.5
hshelleq2.0.3.5
hshelleq4.0.1.6

Name	Operator	Version
hshell	eq	1.7.4.5
hshell	eq	2.0.3.5
hshell	eq	4.0.1.6

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239