Vulnerability Description
AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inogard | Activex | < 1.0.5.0 |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8 | - |
Related Weaknesses (CWE)
References
- http://www.ebiz4u.co.kr/home.doVendor Advisory
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348Third Party Advisory
- http://www.ebiz4u.co.kr/home.doVendor Advisory
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348Third Party Advisory
FAQ
What is CVE-2019-19165?
CVE-2019-19165 is a vulnerability with a CVSS score of 7.2 (HIGH). AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without I...
How severe is CVE-2019-19165?
CVE-2019-19165 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19165?
Check the references section above for vendor advisories and patch information. Affected products include: Inogard Activex, Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.