CVE-2020-7873
📋 TL;DR
This vulnerability in Younglimwon Co., Ltd's ActiveX control allows attackers to download and execute arbitrary files without integrity verification. It affects systems using this vulnerable ActiveX component, typically in Windows environments with Internet Explorer. Attackers can exploit this to install malware or gain unauthorized access.
💻 Affected Systems
- Younglimwon Co., Ltd ActiveX control
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through remote code execution, leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Malware installation through drive-by downloads when users visit malicious websites, resulting in credential theft or system disruption.
If Mitigated
Limited impact with proper application whitelisting, ActiveX controls disabled, and users not browsing untrusted sites.
🎯 Exploit Status
Simple exploitation through malicious web pages; no authentication required beyond user visiting site.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Updated ActiveX control from vendor
Vendor Advisory: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36233
Restart Required: Yes
Instructions:
1. Contact Younglimwon Co., Ltd for updated ActiveX control.
2. Uninstall vulnerable version.
3. Install patched version.
4. Restart system.
🔧 Temporary Workarounds
Disable ActiveX in Internet Explorer
Windows: Prevents ActiveX controls from running in IE, blocking exploitation.
Set Internet Options > Security > Custom Level > ActiveX controls and plug-ins > Disable
Use Application Control
Windows: Block execution of the vulnerable ActiveX control using AppLocker or similar.
AppLocker: Create rule to block Younglimwon ActiveX CLSID
🧯 If You Can't Patch
- Disable Internet Explorer and use alternative browsers without ActiveX support.
- Implement network filtering to block access to untrusted websites and monitor for suspicious downloads.
🔍 How to Verify
Check if Vulnerable:
Check if Younglimwon ActiveX control is installed via Windows Programs and Features or registry (HKEY_CLASSES_ROOT\CLSID).
Check Version:
reg query HKCR\CLSID\{Younglimwon-GUID} /v Version
Verify Fix Applied:
Verify updated version is installed and check vendor advisory for version numbers.
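The page does not give the control's CLSID, so the registry check above needs a way to find it. The following PowerShell is an added example, not from the vendor or the advisory: it walks both CLSID registry views and reports any in-process control whose binary matches the vendor name. The pattern `Younglimwon`, and the assumption that the name appears in the file's version resource or path, are assumptions to adjust.

```powershell
# Added example: find registered ActiveX/COM controls that match a vendor name.
# Assumption: the control's DLL/OCX carries the vendor name in its version
# resource or install path. $VendorPattern is a guess, not a vendor-supplied value.
$VendorPattern = 'Younglimwon'

# 32-bit controls on 64-bit Windows register under WOW6432Node, so scan both views.
$roots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
) | Where-Object { Test-Path -LiteralPath $_ }

$found = foreach ($root in $roots) {
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        # In-process controls store the path of their binary as the default
        # value of the InprocServer32 subkey.
        $srv = $key.OpenSubKey('InprocServer32')
        if (-not $srv) { continue }
        $raw = [string]$srv.GetValue('')
        $srv.Close()
        if (-not $raw) { continue }

        $path = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        $haystack = "$($vi.CompanyName) $($vi.ProductName) $path"
        if ($haystack -notmatch [regex]::Escape($VendorPattern)) { continue }

        [pscustomobject]@{
            CLSID       = $key.PSChildName
            Name        = $key.GetValue('')
            Path        = $path
            FileVersion = $vi.FileVersion
            Company     = $vi.CompanyName
        }
    }
}

if ($found) {
    # Compare FileVersion against the fixed version listed in the vendor advisory.
    $found | Sort-Object Path, CLSID -Unique | Format-Table -AutoSize
} else {
    Write-Output "No registered control matching '$VendorPattern' was found."
}
```

An empty result only means no in-process registration matched the pattern; confirm against Programs and Features before treating a host as unaffected.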
📡 Detection & Monitoring
Log Indicators:
- Internet Explorer logs showing ActiveX loading, Windows Event Logs for process creation from iexplore.exe
Network Indicators:
- HTTP downloads of executable files initiated by IE, connections to suspicious domains
SIEM Query:
source="Windows Security" event_id=4688 parent_process_name="iexplore.exe"