CVE-2020-7850

7.8 HIGH

📋 TL;DR

CVE-2020-7850 is an argument injection vulnerability in the NBBDownloader.ocx ActiveX control in Groupware that allows remote file download and execution. Attackers can craft malicious web pages to exploit this when users visit them, potentially leading to malware infection. This affects users of Groupware with the vulnerable ActiveX control installed.

💻 Affected Systems

Products:
  • Groupware
Versions: Versions containing NBBDownloader.ocx ActiveX control (specific version range not specified in references)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Internet Explorer or other browsers with ActiveX support enabled. Modern browsers with ActiveX disabled by default are less vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware infection through drive-by download attacks when users visit compromised or malicious websites.

🟢 If Mitigated

Limited impact with proper browser security settings, ActiveX controls disabled, or application whitelisting in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting a malicious webpage) but no authentication. The attack vector is straightforward once a malicious page is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: http://help.neobizbox.com/

Restart Required: Yes

Instructions:

1. Check the vendor advisory at http://help.neobizbox.com/
2. Apply the latest Groupware update
3. Restart affected systems
4. Verify NBBDownloader.ocx is updated

🔧 Temporary Workarounds

Disable ActiveX in Internet Explorer

windows

Prevents ActiveX controls from running in Internet Explorer

Internet Options → Security tab → Custom level → Disable ActiveX controls and plug-ins

Kill-bit the vulnerable control

windows

Prevents the specific ActiveX control from loading

reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}" /v "Compatibility Flags" /t REG_DWORD /d 0x400 /f

🧯 If You Can't Patch

  • Use browsers that don't support ActiveX (Chrome, Firefox, Edge Chromium)
  • Implement application whitelisting to block NBBDownloader.ocx execution

🔍 How to Verify

Check if Vulnerable:

Check whether NBBDownloader.ocx exists on the system and compare its version against the patched versions from the vendor

Check Version:

wmic datafile where name="C:\\path\\to\\NBBDownloader.ocx" get version

Verify Fix Applied:

Verify that the NBBDownloader.ocx file version matches the patched version from the vendor advisory
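
Added example (not from the vendor or the original page): a read-only PowerShell check that finds the CLSIDs registered for NBBDownloader.ocx, which is the value the `{CLSID}` placeholder in the kill-bit command stands for, and reports each copy's file version and whether the 0x400 kill bit is set. It assumes the control is registered per-machine under HKLM and that the script runs in 64-bit PowerShell; the variable names are illustrative.

```powershell
# Added example: inventory NBBDownloader.ocx registrations, file version and kill-bit state.
# Read-only; assumes per-machine (HKLM) registration and a 64-bit PowerShell session.
$target  = 'NBBDownloader.ocx'   # file name from the advisory
$killBit = 0x400                 # "Compatibility Flags" value used in the workaround

# 32-bit Internet Explorer on 64-bit Windows reads the WOW6432Node view,
# so both registry views are checked.
$views = @(
    @{ Name    = 'native'
       Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name    = 'wow64'
       Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$results = foreach ($view in $views) {
    if (-not (Test-Path -Path $view.Classes)) { continue }
    foreach ($clsidKey in Get-ChildItem -Path $view.Classes -ErrorAction SilentlyContinue) {
        # The default value of InprocServer32 is the path of the control's binary.
        $sub = $clsidKey.OpenSubKey('InprocServer32')
        if ($null -eq $sub) { continue }
        $server = [string]$sub.GetValue('')
        $sub.Close()
        if ($server -notlike "*$target*") { continue }

        $path    = $server.Trim('"')
        $version = if (Test-Path -LiteralPath $path) {
            (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        } else { 'file not found' }

        # Kill bit: Compatibility Flags under ActiveX Compatibility\<CLSID> has 0x400 set.
        $compatKey = Join-Path $view.Compat $clsidKey.PSChildName
        $flags = (Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            View        = $view.Name
            CLSID       = $clsidKey.PSChildName
            Path        = $path
            FileVersion = $version
            KillBitSet  = ($null -ne $flags) -and (($flags -band $killBit) -eq $killBit)
        }
    }
}

if ($results) { $results | Format-Table -AutoSize }
else { "No HKLM registration of $target found." }
```

A row with `KillBitSet` False in either view means the workaround is not yet effective for that bitness of Internet Explorer.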

📡 Detection & Monitoring

Log Indicators:

  • Internet Explorer/ActiveX logs showing NBBDownloader.ocx loading
  • Process creation from Internet Explorer spawning unexpected executables

Network Indicators:

  • HTTP requests to unusual domains from Internet Explorer process
  • Downloads of executable files via browser

SIEM Query:

process_name:iexplore.exe AND (process_child_name:*.exe OR file_create:*.exe)
