QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12809

Published: Aug 15, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.

Vendor	Product	Versions
YES24	YES24 PC VIEWER	affected `1.0.327.50126`

Weaknesses (CWE)

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35117

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.