|
[Japanese]
|
JVNDB-2017-000105
|
RW-4040 tool to verify execution environment may insecurely load Dynamic Link Libraries
|
|
RW-4040 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Sharp Corporation
- RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0A (RW4040Test_A_win7V.exe) and earlier
|
|
|
Arbitrary code may be executed with the privilege of the user invoking the tool.
|
|
[Use the latest version of the tool to verify execution environment]
Use the latest version of the tool according to the information provided by the developer.
The following versions address the issue.
* RW-4040 tool to verify execution environment for Windows 7 version 1.3.0.0 (RW4040Test_win7.exe)
|
|
Sharp Corporation
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2017-2190
|
|
- JVN : JVN#51274854
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2017-2190
|
|
- [2017/06/01]
Web page was published
[2017/08/23]
Overview was modified
Affected Products : Product version was modified
Solution was modified
[2018/01/24]
References : Content was added
|
