CVE Vulnerability

CVE-2020-7826

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:eyesurfer:bflyinstallerx.ocx:*:*:*:*:*:*:*:*
Information

Published : 2020-07-17 04:15

Updated : 2020-07-22 03:08

NVD link : CVE-2020-7826

Mitre link : CVE-2020-7826

Products Affected
No products.
CWE
CWE-494

Download of Code Without Integrity Check