[Japanese]

JVNDB-2007-000678

Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files

Overview

Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.

Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Sony Corporation
  • MicroVault Series USM64C (discontinued model)
  • MicroVault Series USM128C (discontinued model)
  • MicroVault Series USM256F (discontinued model)
  • MicroVault Series USM512FL (discontinued model)
  • PocketBit Series USM128F (discontinued model)
  • PocketBit Series USM512FL (discontinued model)

Impact

A remote attacker could use hidden folders for unintended purposes.
Solution

Sony provides the latest information on this problem on its website.
For more information, refer to the vendor's website.
Vendor Information

Sony Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-4785
References

  1. JVN : JVN#35677737
  2. National Vulnerability Database (NVD) : CVE-2007-4785
Revision History

  • [2008/05/21]
      Web page published

Date Public2007/09/07
Date First Published2008/05/21
Date Last Updated2008/05/21