An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hshell | Handysoft | 1.7.4.5 (including) | 1.7.4.5 (including) |
Hshell | Handysoft | 2.0.3.5 (including) | 2.0.3.5 (including) |
Hshell | Handysoft | 4.0.1.6 (including) | 4.0.1.6 (including) |