Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for EyeSurfer BflyInstallerX.ocx by Bflysoft

    CVE-2020-7826 (GCVE-0-2020-7826)

    Vulnerability from nvd – Published: 2020-07-17 15:01 – Updated: 2024-09-17 04:04
    VLAI
    Summary
    EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bflysoft EyeSurfer BflyInstallerX.ocx Affected: 1.0.0.16 and earlier versions
    Create a notification for this product.
    Date Public
    2020-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.880Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EyeSurfer BflyInstallerX.ocx",
              "vendor": "Bflysoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.16 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2020-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-17T15:01:59.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "DATE_PUBLIC": "2020-07-15T05:07:00.000Z",
              "ID": "CVE-2020-7826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EyeSurfer BflyInstallerX.ocx",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0.16 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bflysoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494 Download of Code Without Integrity Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512",
                  "refsource": "CONFIRM",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2020-7826",
        "datePublished": "2020-07-17T15:01:59.356Z",
        "dateReserved": "2020-01-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:52.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7826 (GCVE-0-2020-7826)

    Vulnerability from cvelistv5 – Published: 2020-07-17 15:01 – Updated: 2024-09-17 04:04
    VLAI
    Summary
    EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bflysoft EyeSurfer BflyInstallerX.ocx Affected: 1.0.0.16 and earlier versions
    Create a notification for this product.
    Date Public
    2020-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.880Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EyeSurfer BflyInstallerX.ocx",
              "vendor": "Bflysoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.16 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2020-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-17T15:01:59.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "DATE_PUBLIC": "2020-07-15T05:07:00.000Z",
              "ID": "CVE-2020-7826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EyeSurfer BflyInstallerX.ocx",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0.16 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bflysoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494 Download of Code Without Integrity Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512",
                  "refsource": "CONFIRM",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35512"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2020-7826",
        "datePublished": "2020-07-17T15:01:59.356Z",
        "dateReserved": "2020-01-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:52.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }