Input validation

2021-09-0913:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

CPENameOperatorVersion
nexacroge14.0.0.0
nexacrolt14.0.1.3600

CPE	Name	Operator	Version
	nexacro	ge	14.0.0.0
	nexacro	lt	14.0.1.3600

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235