CVE-2019-19165 - OpenCVE

AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Inogard	Activex
Microsoft	Windows 10 Windows 7 Windows 8

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_8:-:::::::*

cpe:2.3:a:inogard:activex:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ebiz4u.co.kr/home.do
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2020-04-29T15:02:36.447265Z

Updated: 2024-09-16T22:50:24.517Z

Reserved: 2019-11-21T00:00:00

Link: CVE-2019-19165

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-29T16:15:11.667

Modified: 2020-05-11T18:28:52.833

Link: CVE-2019-19165

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) on Windows 7/8/10", "vendor": "Inogard Co,,LTD", "versions": [{"status": "affected", "version": "1.0.5.0 and later"}]}], "datePublic": "2020-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T15:02:36", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ebiz4u.co.kr/home.do"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "DATE_PUBLIC": "2020-04-29T01:57:00.000Z", "ID": "CVE-2019-19165", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) on Windows 7/8/10", "version": {"version_data": [{"version_value": "1.0.5.0 and later"}]}}]}, "vendor_name": "Inogard Co,,LTD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-494 Download of Code Without Integrity Check"}]}]}, "references": {"reference_data": [{"name": "http://www.ebiz4u.co.kr/home.do", "refsource": "CONFIRM", "url": "http://www.ebiz4u.co.kr/home.do"}, {"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348", "refsource": "CONFIRM", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:09:39.330Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ebiz4u.co.kr/home.do"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2019-19165", "datePublished": "2020-04-29T15:02:36.447265Z", "dateReserved": "2019-11-21T00:00:00", "dateUpdated": "2024-09-16T22:50:24.517Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:inogard:activex:*:*:*:*:*:*:*:*", "matchCriteriaId": "691C1233-AF1A-4CE8-B24C-4F451507105F", "versionEndExcluding": "1.0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10."}, {"lang": "es", "value": "AxECM.cab(ActiveX Control) en Inogard Ebiz4u, contiene una vulnerabilidad que podr\u00eda permitir que archivos remotos se descarguen y se ejecuten al establecer argumentos en el m\u00e9todo ActiveX. Una Vulnerabilidad de Descarga de C\u00f3digo Sin Comprobaci\u00f3n de Integridad en el control ActiveX de Inogard Co,LTD Ebiz4u ActiveX de Inogard Co,LTD(AxECM.cab), permite a un ATACANTE causar una descarga de archivos en la carpeta de usuario de Windows y ejecutarlos. Este problema afecta: Inogard Co,LTD Ebiz4u ActiveX de Inogard Co,LTD(AxECM.cab) versi\u00f3n 1.0.5.0 y versiones posteriores en Windows 7/8/10."}], "id": "CVE-2019-19165", "lastModified": "2020-05-11T18:28:52.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2020-04-29T16:15:11.667", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "http://www.ebiz4u.co.kr/home.do"}, {"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35348"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-494"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}