|
[Japanese]
|
JVNDB-2016-002299
|
SaAT Netizen fails to properly verify downloaded installation and update files
|
|
SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified.
The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process.
PinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 5.6 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
NetMove Corporation
- SaAT Netizen ver.1.2.0.8 (Build427) and earlier
- SaAT Netizen installer ver.1.2.0.424 and earlier
|
|
|
A successful man-in-the-middle attack may result in a specially crafted file prepared by an attacker being downloaded and executed.
|
|
SaAT Netizen will be automatically updated to the updated version that addresses this vulnerability after rebooting the PC.
The developer has released an updated version of the SaAT Netizen installer that addresses this vulnerbaility.
[Re-install the software]
If running an affected version of SaAT Netizen, uninstall that version and re-install SaAT Netizen using the newest available version of the installer.
|
|
NetMove Corporation
|
|
- No Mapping(CWE-noinfo) [NVD Evaluation]
|
|
- CVE-2016-1203
|
|
- JVN : JVNVU#97339542
- National Vulnerability Database (NVD) : CVE-2016-1203
|
|
- [2016/12/05]
Web page was published
- [2024/06/27]
CWE was modified
References : Content was added
|
