CVE-2020-7813 HIGH

CVE-2020-7813: Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Vendor Kaoni
Product ezHTTPTrans
Weakness CWE-494 · Download without integrity check
Published May 22, 2020
Last update August 4, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.

Key dates

02Disclosure timeline

May 22, 2020 CVE published
August 4, 2024 Record updated