Arbitrary File Download and Execution Vulnerability in HShell.dll

Arbitrary File Download and Execution Vulnerability in HShell.dll

CVE-2021-26608 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

Learn more about our Web Application Penetration Testing UK.