Warning for MagicLine4NX (Certificate Solution) Vulnerability and Update Recommended

Vulnerable Software and Overview

MagicLine4NX is a non-ActiveX joint certificate program developed by the Korean company, Dream Security. Users can use MagicLine4NX to perform logins with a joint certificate and digitally sign transactions. This program is registered as a Startup Program and will be relaunched by a certain service (MagicLine4NXServices.exe) even if it is terminated. It remains constantly active as a process once it is installed, so it can be exposed to vulnerability attacks. Thus, it needs to be updated to the latest version.

Description of the Vulnerability

This vulnerability was first discovered and reported by AhnLab and the remote code execution vulnerability (RCE) can occur on vulnerable versions of MagicLine4NX.

Patch Target and Versions

MagicLine4NX versions

Vulnerability Exploitation Log (Lazarus)

AhnLab’s ASD (AhnLab Smart Defense) infrastructure confirmed the exploitation of this vulnerability.  The threat actor exploited this vulnerability to perform an injection into the svchost.exe process before downloading and executing their malware.

Figure 1. Vulnerability log from ASD


Deletion procedure in the case a vulnerable version of MagicLineNX is installed

  • How to check the version
    • Go to [My Computer] – [Local Disk(C:\)] – [Program Files(x86)] – [DreamSecurity] – [MagicLine4NX]
    • Right click on MagicLine4NX – Properties – Details – Check file version
Figure 2. Checking the MagicLine4NX version
  • How to uninstall the program (select 1)
    • [Start] – [System] – [Control Panel] – [Programs and Features] – Select MagicLineNX – Click [Uninstall]
    • Go to [My Computer] – [Local Disk(C:\)] – [Program Files(x86)] – [DreamSecurity] – [MagicLine4NX] – Execute MagicLine4NX_Uninstall.exe




  1. https://knvd.krcert.or.kr/detailSecNo.do?IDX=5887
  2. https://atip.ahnlab.com/ti/contents/security-advisory?i=f11a94eb-ac24-4feb-9552-3af49c8e6afd
  3. https://atip.ahnlab.com/ti/contents/issue-report/forensic?i=ab4b6510-f7b0-46ef-9cd3-3489348b2de4

Subscribe to AhnLab’s next-generation threat intelligence platform ‘AhnLab TIP’ to check related IOC and detailed analysis information.

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments

[…] post Warning for MagicLine4NX (Certificate Solution) Vulnerability and Update Recommended appeared first on ASEC […]


[…] 그룹은 초기 침투를 위해 Log4Shell, 공동 인증서 취약점, 3CX 공급망 공격 등 다양한 공격 벡터를 사용하며 매우 위협적이고 전 […]