CVE-2020-7874

HIGH

NEXACRO14 Runtime - Code Injection

Title source: llm

Description

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

References (1)

[Third Party Advisory] https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235

Scores

CVSS v3 8.8

EPSS 0.0023

EPSS Percentile 46.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

tobesoft/nexacro 14.0.0.0 - 14.0.1.3600

Published Sep 09, 2021

Tracked Since Feb 18, 2026