Headline
CVE-2020-7878: KISA 인터넷 보호나라&KrCERT
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.
Security Advisory
CVE-2020-7878 | 4NB VideoOffice File download and execution Vulnerability2021.11.16
□ Overview
o 4NB Co.,Ltd released security update to address arbitrary file download and execution vulnerability
Vulnerability Type
Impact
Severity
CVSS Score
CVE ID
Mission support for
integrity check
file download
and execution
High
8.8
CVE-2020-7878
□ Description
o An arbitrary file download and execution vulnerability was found in the VideoOffice(CVE-2020-7878)
o This issue is due to missing support for integrity check
□ Affected Product
Product
Version
Platform
VideoOffice
X2.9 and prior
Windows
□ Solution
o Update software over VideoOffice X2.10 version
□ Acknowledgements
o Thanks to Kwang Hyung Lee for reporting this vulnerability
□ Reference
o https://www.4nb.co.kr/v2/inquiry/demo.php#accordion2
□ 작성 : 침해사고분석단 취약점분석팀
트위터 페이스북