CVE-2020-7826 HIGH

CVE-2020-7826

Vendor Bflysoft
Product EyeSurfer BflyInstallerX.ocx
Weakness CWE-494 · Download without integrity check
Published July 17, 2020
Last update September 17, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.

Key dates

02Disclosure timeline

July 17, 2020 CVE published
September 17, 2024 Record updated