CVE-2019-19261

Current Description

AxECM.cab (ActiveX control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the ActiveX method. A Download of Code Without Integrity Check vulnerability in the Ebiz4u ActiveX control of Inogard Co., LTD (AxECM.cab) allows an attacker to cause a file to be downloaded to the Windows user's folder and executed. This issue affects: Inogard Co., LTD Ebiz4u ActiveX (AxECM.cab) version 1.0.5.0 and later versions on Windows 7/8/10.

Basic Data

Published: April 29, 2020
Last Modified: May 11, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CVE-2010-3441
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.5
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Inogard | Activex | * | * | * | * | * | * | * | * | 1.0.5.0 | | |
    • OR Running on/with:
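      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Microsoft | Windows 10 | - | * | * | * | * | * | * | * | | | |
      2.3 | OS | Microsoft | Windows 7 | - | * | * | * | * | * | * | * | | | |
      2.3 | OS | Microsoft | Windows 8 | - | * | * | * | * | * | * | * | | | |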

Vulnerable Software List

Vendor | Product | Versions
Inogard | Activex | *

References

Name | Source | URL | Tags
http://www.ebiz4u.co.kr/home.do | http://www.ebiz4u.co.kr/home.do | CONFIRM | Vendor Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348 | https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348 | CONFIRM | Third Party Advisory