CVE-2019-19165
Last modified
CVE-2019-19165 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Inogard | Activex | < 1.0.5.0 |
References
- http://www.ebiz4u.co.kr/home.doVendor Advisory
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348Third Party Advisory
- http://www.ebiz4u.co.kr/home.doVendor Advisory
- https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-19165?
How severe is CVE-2019-19165?
How do I fix CVE-2019-19165?
Are you affected by CVE-2019-19165?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST