Description
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239
Scores
CVSS v3
8.8
EPSS
0.0058
EPSS Percentile
42.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-353
CWE-345
Status
published
Products (3)
handysoft/hshell
1.7.4.5
handysoft/hshell
2.0.3.5
handysoft/hshell
4.0.1.6
Published
Sep 09, 2021
Tracked Since
Feb 18, 2026