CVE-2019-19161

7.2 HIGH

📋 TL;DR

CVE-2019-19161 is a vulnerability in CyMiInstaller322 ActiveX that allows attackers to download and execute malicious DLL files due to insufficient verification during file downloads. This affects systems running MIPLATFORM applications that use this ActiveX component. Attackers can exploit this to achieve remote code execution on vulnerable systems.

💻 Affected Systems

Products:
  • CyMiInstaller322 ActiveX
  • MIPLATFORM applications using CyMiInstaller322
Versions: All versions prior to patched version
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ActiveX to be enabled and MIPLATFORM applications using the vulnerable component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Malicious DLL execution leading to system compromise, data theft, or ransomware deployment.

🟢 If Mitigated

Limited impact with proper network segmentation, application whitelisting, and user privilege restrictions.

🌐 Internet-Facing: HIGH - ActiveX components in web applications can be exploited through malicious websites.
🏢 Internal Only: MEDIUM - Requires user interaction with malicious content but can spread within networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (visiting malicious site or opening malicious document) but exploitation is straightforward once triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tobesoft vendor advisory for specific version

Vendor Advisory: https://www.tobesoft.com/Index.do

Restart Required: Yes

Instructions:

1. Contact Tobesoft for patch information.
2. Apply the official patch from Tobesoft.
3. Restart affected systems.
4. Verify patch installation.

🔧 Temporary Workarounds

Disable ActiveX in Internet Explorer

Prevents exploitation through web-based vectors by disabling ActiveX controls

Set Internet Explorer security settings to disable ActiveX controls

Application Whitelisting

Prevent unauthorized DLL execution through application control policies

Configure Windows AppLocker or similar whitelisting solution

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using MIPLATFORM
  • Use application control to block unauthorized DLL execution

🔍 How to Verify

Check if Vulnerable:

Check if CyMiInstaller322 ActiveX is installed and being used by MIPLATFORM applications

Check Version:

Check ActiveX component version through registry or vendor tools

Verify Fix Applied:

Verify patch installation through vendor-provided verification tools or version checks
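
Example registry check (added here, not a Tobesoft tool): it lists machine-wide COM classes that match a name pattern, reports the file version of the registered DLL, and shows whether the Internet Explorer kill bit is set for each CLSID. The pattern `CyMiInstaller` is an assumption about how the control registers itself; the fixed version number is not given on this page, so compare the reported version against the vendor's advisory.

```powershell
# Added example. ASSUMPTION: the control's class name, ProgID or DLL path
# contains "CyMiInstaller"; adjust $Pattern to match your installation.
$Pattern = 'CyMiInstaller'
$KillBit = 0x400   # "Compatibility Flags" value that blocks a control in IE

# 32-bit controls on 64-bit Windows register under WOW6432Node.
# Per-user registrations (HKCU) are not covered by this check.
$Views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$Found = foreach ($View in $Views) {
    if (-not (Test-Path $View.Clsid)) { continue }
    foreach ($Key in Get-ChildItem $View.Clsid -ErrorAction SilentlyContinue) {
        $Name = $Key.GetValue('')
        $Server = $null; $ProgId = $null
        $Sub = $Key.OpenSubKey('InprocServer32')
        if ($Sub) { $Server = $Sub.GetValue(''); $Sub.Close() }
        $Sub = $Key.OpenSubKey('ProgID')
        if ($Sub) { $ProgId = $Sub.GetValue(''); $Sub.Close() }
        if ("$Name|$Server|$ProgId" -notmatch [regex]::Escape($Pattern)) { continue }

        # Resolve the registered DLL and read its version resource.
        $Path = [Environment]::ExpandEnvironmentVariables("$Server").Trim('"')
        $Version = if ($Path -and (Test-Path -LiteralPath $Path)) {
            (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        } else { $null }

        # A missing key or value means no kill bit is set for this CLSID.
        $Compat = Join-Path $View.Compat $Key.PSChildName
        $Flags = (Get-ItemProperty -Path $Compat -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Clsid       = $Key.PSChildName
            ProgId      = $ProgId
            Server      = $Path
            FileVersion = $Version
            KillBitSet  = [bool]($Flags -band $KillBit)
        }
    }
}
if ($Found) { $Found | Format-List } else { "No registered class matches '$Pattern'." }
```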

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DLL downloads via ActiveX
  • MIPLATFORM loading unfamiliar DLLs
  • Process creation from ActiveX components

Network Indicators:

  • HTTP requests to unusual domains for DLL downloads
  • ActiveX component contacting external servers

SIEM Query:

Process creation where parent process contains 'ActiveX' or 'MIPLATFORM' and loads DLL from unusual locations
