CVE-2020-7812
HIGHKaoni ezHTTPTrans < 1.0.0.70 - Remote Code Execution via Ezhttptrans.ocx ActiveX Method
Title source: llmDescription
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://www.kaoni.com/
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35428
Scores
CVSS v3
7.8
EPSS
0.0075
EPSS Percentile
49.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-494
Status
published
Products (1)
kaoni/ezhttptrans
< 1.0.0.70
Published
May 28, 2020
Tracked Since
Feb 18, 2026