CVE-2022-23763

7.8 HIGH

📋 TL;DR

This vulnerability in NeoRS's ActiveX module allows attackers to bypass origin validation and trick users into downloading and executing arbitrary malicious files. Attackers can exploit this by luring victims to specially crafted web pages, potentially leading to system compromise. Users of affected NeoRS software with the vulnerable ActiveX component are at risk.

💻 Affected Systems

Products:
  • NeoRS software with vulnerable ActiveX module
Versions: Specific versions not detailed in provided references; all versions with vulnerable ActiveX component are affected
Operating Systems: Windows (ActiveX is Windows-specific)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ActiveX to be enabled and user interaction with malicious web content

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover through remote code execution, data theft, ransomware deployment, and persistent backdoor installation.

🟠 Likely Case

Malware infection leading to credential theft, data exfiltration, or system disruption through user interaction with malicious web content.

🟢 If Mitigated

Limited impact with proper web filtering, endpoint protection, and user awareness preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically simple once the victim visits a malicious page

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66788

Restart Required: Yes

Instructions:

1. Contact NeoRS vendor for patch details.
2. Apply available security updates.
3. Restart affected systems.
4. Verify ActiveX module is updated.

🔧 Temporary Workarounds

Disable ActiveX in Internet Explorer

Platform: Windows

Prevents the vulnerable ActiveX control from executing

Navigate to Internet Options > Security > Custom Level > ActiveX controls and plug-ins > Set to Disable

Use alternative browsers

Platform: Windows

Switch to browsers that don't support ActiveX (Chrome, Firefox, Edge)

🧯 If You Can't Patch

  • Implement strict web filtering to block malicious sites
  • Deploy application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check if NeoRS ActiveX module is installed and enabled in Internet Explorer

Check Version:

Check ActiveX control properties in Internet Explorer or Windows Registry

Verify Fix Applied:

Verify ActiveX module version matches patched version from vendor

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file downloads via ActiveX
  • Suspicious process execution from temporary directories

Network Indicators:

  • HTTP requests to unusual domains followed by file downloads
  • Outbound connections from newly spawned processes

SIEM Query:

Process creation where parent process is iexplore.exe and command line contains download/execute patterns
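
The SIEM query above, combined with the "process execution from temporary directories" log indicator, written out as an added example (not part of the original advisory or any vendor rule). It assumes process-creation events already parsed into dicts with Sysmon Event ID 1 style field names; the temp-directory markers and the use of a URL as the "download/execute pattern" are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumption: path fragments that mark per-user/system temp and IE cache directories.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                "\\inetcache\\", "\\temporary internet files\\")
# Assumption: a URL on the command line stands in for "download/execute patterns".
URL_RE = re.compile(r"https?://", re.IGNORECASE)
BROWSER = "iexplore.exe"


def reasons(event):
    """Return the list of reasons an event is suspicious (empty if benign)."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    image = ntpath.normcase(event.get("Image", ""))
    # Only children of IE matter; IE's own tab processes are expected children.
    if parent != BROWSER or ntpath.basename(image) == BROWSER:
        return []
    found = []
    if any(marker in image for marker in TEMP_MARKERS):
        found.append("child image runs from a temporary directory")
    if URL_RE.search(event.get("CommandLine", "")):
        found.append("command line references a URL")
    return found


def triage(events):
    """Return (event, reasons) for every event that matches at least one rule."""
    return [(e, r) for e in events if (r := reasons(e))]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "Image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "CommandLine": "iexplore.exe SCODEF:1234 CREDAT:5678 /prefetch:2"},
    {"ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\update_setup.exe",
     "CommandLine": r"C:\Users\alice\AppData\Local\Temp\update_setup.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\installer.exe",
     "CommandLine": "installer.exe /quiet"},
]

if __name__ == "__main__":
    for event, why in triage(SAMPLE_EVENTS):
        print(event["Image"], "->", "; ".join(why))
```

Only the second sample event is flagged: the first is an ordinary IE tab process and the third runs from a temp directory but was not started by the browser.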
