CVE-2019-19164

Current Description

dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.

Basic Data

PublishedMay 07, 2020
Last ModifiedMay 21, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationRaonwizDext52.7*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoftActivex********5.0.0.112

Vulnerable Software List

VendorProductVersions
Raonwiz Dext5 2.7

References

NameSourceURLTags
http://www.dext5.com/page/support/notice_view.aspx?pSeq=23http://www.dext5.com/page/support/notice_view.aspx?pSeq=23CONFIRMVendor Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344CONFIRMThird Party Advisory