Overview
- Description
- An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
- Source
- vuln@krcert.or.kr
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:handysoft:hshell:1.7.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB9DCED4-15F3-46A3-B119-FE1C2916E6CB"
},
{
"criteria": "cpe:2.3:a:handysoft:hshell:2.0.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5A2C99D-8FD6-4E9B-96F0-0649E6B6442A"
},
{
"criteria": "cpe:2.3:a:handysoft:hshell:4.0.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79C4224E-0FD4-45FA-A2D1-7C06DE22B864"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]