Arbitrary File Download and Execution Vulnerability in Yes24ViewerX ActiveX Control

Arbitrary File Download and Execution Vulnerability in Yes24ViewerX ActiveX Control

CVE-2019-12809 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.

Learn more about our Web Application Penetration Testing UK.