CVE-2018-5204
CRITICALML Report 2.00.000.0000-2.18.628.5980 - Remote Code Execution via ActiveX Method Argument
Title source: llmDescription
ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30123
Scores
CVSS v3
9.8
EPSS
0.0234
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
infraware-global/ml_report
2.00.000.0000 - 2.18.628.5980
Published
Dec 28, 2018
Tracked Since
Feb 18, 2026