CVE-2020-7826
HIGHEyeSurfer BflyInstallerX.ocx v1.0.0.16 - Code Injection
Title source: llmDescription
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512
Scores
CVSS v3
8.8
EPSS
0.0073
EPSS Percentile
49.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-494
Status
published
Products (1)
eyesurfer/bflyinstallerx.ocx
< 1.0.0.16
Published
Jul 17, 2020
Tracked Since
Feb 18, 2026