Arbitrary File Download and Execution Vulnerability in Yes24ViewerX ActiveX Control
CVE-2019-12809 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.
Learn more about our Web Application Penetration Testing UK.