□ Overview
o Helpu released security update to address arbitrary file creation vulnerability in Helpu.(remote administration solution)
Vulnerability
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Improper input validation |
arbitrary file creation
and execution |
High |
8.0 |
CVE-2020-7867 |
□ Description
o An improper input validation vulnerability in Helpu solution allow a local attacker to arbitrary file creation and execution without click file transfer menu.
o It is possible to file in arbitrary directory for user because the viewer program receive the file from agent program with privilege of administrator.
□ Affected Product
Affected Product
| Product |
Version |
Platform |
| HelpuViewer.exe |
2018.5.21.0 |
Windows |
□ Solution
o Update software over HelpuViewer.exe 2020.11.20.0 version or higher.
□ Reference
[1] https://helpu.co.kr/helpu/helpu.html
□ Etc
o Thanks to Jeongun Baek for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
