
Security Advisory

CVE-2021-26630 | HANDY Groupware file download and execute vulnerability
2022.05.19
□ Overview
 o Handysoft Co., Ltd. released a security update to address an improper input validation vulnerability in HANDY Groupware.
Vulnerability
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| improper input validation | arbitrary file download and execution | High | 7.8 | CVE-2021-26630 |

□ Description
 o An improper input validation vulnerability in HANDY Groupware's ActiveX module allows attackers to download or execute arbitrary files.
 o This vulnerability can be exploited by supplying the file download or execution path as the parameter value of the vulnerable function.

□ Affected Product
Affected Product
| Product | Version | Platform |
|---|---|---|
| HANDY Groupware | prior of 1.7.4.6 | Windows |
| HANDY Groupware | prior of 2.0.3.6 | Windows |
| HANDY Groupware | prior of 4.0.1.7 | Windows |

□ Solution
 o Update HANDY Groupware to version 1.7.4.7 / 2.0.3.7 / 4.0.1.8 or higher.

□ Reference
[1] https://www.handysoft.co.kr/product/product.html?seq=12

□ Acknowledgements
 o Thanks to Kim Heehyun for reporting this vulnerability.


□ Author: Vulnerability Analysis Team, Incident Analysis Division