← back
CVE-2020-7841

TOBESOFT XPLATFORM arbitrary hta file execution vulnerability

CVSS 8.8 HIGHEPSS 1.5%CWE-20
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
TOBESOFT · XPLATFORM XPlatformLib922.dll

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35789