CVE-2020-7883

CRITICAL

9.8

Description

Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/28/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

microsoft:windowswowsoft:printchaser

Weaknesses (CWE)

CWE-494CWE-494

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36350(vuln@krcert.or.kr)

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36350(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.