Command Injection Vulnerability in ExtCommon.dll User Extension Module

Command Injection Vulnerability in ExtCommon.dll User Extension Module

CVE-2018-5197 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.

Learn more about our User Device Pen Test.