본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7880 | douzone NeoRS remote support program ActiveX vulnerability2021.11.30
□ Overview
 o douzone Co.,Ltd released security update to address improper input validation vulnerability in NeoRS ActiveX module.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
improper input validation remote file download and execution High 7.5 CVE-2020-7880

□ Description
 o The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. 
This issue allows an remote attacker to download and execute remote file.
o It is because of improper parameter validation of StartNeoRS function in ActiveX.

□ Affected Product
Affected Product
Product Version Platform
NeoRS RS10 Windows

□ Solution
 o Update software NeoRS RS10 version or higher.

□ Reference
 [1] http://www.douzone.com/product/expansion/ex08_neors_01dou

□ Etc
 o Thanks to Hee Hyun Kim for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀