Zoneplayer 2.0.1.3 Insufficient Information Vulnerability

Summary

ZInsX.ocx ActiveX Control in Zoneplayer contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.

Credit:

The information has been provided by Donghyun Yu

The original article can be found at:http://www.zoneplayer.co.kr/


Details

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.

 

Vulnerable Systems:

Zoneplayer 2.0.1.3

Zoneplayer 2.0.1.4 and prior

 

CVE Information:

CVE-2020-7803

 

Disclosure Timeline:
Published Date:5/7/2020

Categories: News