CVE-2022-23763 HIGH

CVE-2022-23763: DOUZONE BIZON NeoRS file download and execute vulnerability

Vendor Douzone Bizon Co.,Ltd
Product NeoRS
Weakness CWE-346 · Origin validation
Published June 28, 2022
Last update August 3, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections.

Key dates

02Disclosure timeline

June 28, 2022 CVE published
August 3, 2024 Record updated