CVE-2018-5197

Description

A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.

CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2018-5197
Base Score: 7.8
Base Severity: HIGH
Vector String:CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

nvd
CVE ID: CVE-2018-5197
Base Score: 6.8
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:N/C:P/I:P/A:P

Refrence: NVD

Description​

Description