CVE-2020-7804

CVE Database · CVE-2020-7804

CVE-2020-7804

· MEDIUMModified

CVSS v3.1

6.4

EPSS

0.97%

Published

Apr 29, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (4)

handysoft · groupwarevulnerable

microsoft · windows_10

microsoft · windows_7

microsoft · windows_8

References (4)

http://www.handysoft.co.kr/product/product.html?seq=12

Vendor Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368

Third Party Advisory

http://www.handysoft.co.kr/product/product.html?seq=12

Vendor Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs