CVE-2020-7874

HIGH

NEXACRO14 Runtime ActiveX Control 14.0.0.0-14.0.1.3600 - Arbitrary File Download and Execution

Title source: llm

Description

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235

Scores

CVSS v3 8.8

EPSS 0.0056

EPSS Percentile 42.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

tobesoft/nexacro 14.0.0.0 - 14.0.1.3600

Published Sep 09, 2021

Tracked Since Feb 18, 2026