Vulnerabilities > CVE-2019-19168 - Unspecified vulnerability in Raonwiz Dext5 2.7

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

raonwiz

critical

NVD

Published: 2020-05-06

Updated: 2020-05-19

Summary

Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.

Vulnerable Configurations

Part	Description	Count
Application	Raonwiz Raonwiz Dext5 2.7	1
Application	Microsoft Microsoft Activex *	1

References

http://www.dext5.com/page/support/notice_view.aspx?pSeq=26
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352