Arbitrary Command Execution via ActiveX Control ShellOpen Method in MyBuilder

Arbitrary Command Execution via ActiveX Control ShellOpen Method in MyBuilder

CVE-2019-12811 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution

Learn more about our Web Application Penetration Testing UK.