CVE-2020-7803 HIGH

CVE-2020-7803: Zoneplayer ActiveX File Download Vulnerability

Vendor Imgtech Co,Ltd
Product Zoneplayer
Weakness CWE-20 · Input validation
Published May 7, 2020
Last update August 4, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.

Key dates

02Disclosure timeline

May 7, 2020 CVE published
August 4, 2024 Record updated