Arbitrary File Download and Code Execution Vulnerability in Ezhttptrans.ocx ActiveX Control

Arbitrary File Download and Code Execution Vulnerability in Ezhttptrans.ocx ActiveX Control

CVE-2020-7812 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.

Learn more about our Web Application Penetration Testing UK.