CVE-2020-7810

HIGH

hslogin2.dll - RCE

Title source: llm

Description

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.

References (2)

[Product] http://www.handysoft.co.kr/en/

[Third Party Advisory] https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35551

Scores

CVSS v3 8.8

EPSS 0.0020

EPSS Percentile 41.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-353 CWE-354

Status published

Products (1)

handysoft/hslogin2.dll < 6.7.8.4

Published Aug 07, 2020

Tracked Since Feb 18, 2026