CVE-2020-7826

HIGH

EyeSurfer BflyInstallerX.ocx v1.0.0.16 - Code Injection

Title source: llm

Description

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.

References (1)

[Third Party Advisory] https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512

Scores

CVSS v3 8.8

EPSS 0.0023

EPSS Percentile 46.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

eyesurfer/bflyinstallerx.ocx < 1.0.0.16

Published Jul 17, 2020

Tracked Since Feb 18, 2026