CVE-2020-7880

HIGH

NeoRS ActiveX - Remote File Download and Execution via StartNeoRS

Title source: manual
STIX 2.1

Description

The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0161
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
douzone/neors < rs10
Published Nov 30, 2021
Tracked Since Feb 18, 2026