Lucene search

KrcertCVELIST:CVE-2022-23763

HistoryJun 28, 2022 - 1:49 p.m.

CVE-2022-23763 DOUZONE BIZON NeoRS file download and execute vulnerability

2022-06-2813:49:01

CWE-346

krcert

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "NeoRS",
    "vendor": "DOUZONE BIZON Co.,Ltd",
    "versions": [
      {
        "lessThanOrEqual": "2021.3.10.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66788

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVELIST:CVE-2022-23763