CVE-2018-5197

EUVD-2018-16982
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
tobesoftxplatform
9.2
tobesoftxplatform
9.2.1
tobesoftxplatform
9.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.tobesoft.co.kr/Support/index.html
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30097
http://support.tobesoft.co.kr/Support/index.html
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30097