CVE-2019-12809

CVE-2019-12809

Vendor Yes24
Product YES24 PC VIEWER
Weakness CWE-494 · Download without integrity check
Published August 15, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.

Key dates

02Disclosure timeline

August 15, 2019 CVE published
August 4, 2024 Record updated