[Japanese]
|
JVNDB-2017-000069
|
Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
|
Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
TOSHIBA
- SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier
- SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier
- SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier
- SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier
- SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier
- SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01
- SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier
|
|
Arbitrary code may be executed with the privilege of the user invoking the installer.
|
[Use the latest installers]
Use the latest installers according to the information provided by the developer.
Users who already have installed the software do not need to re-install the application, because this issue affects the installers only.
|
TOSHIBA
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2017-2149
|
- JVN : JVN#05340816
- National Vulnerability Database (NVD) : CVE-2017-2149
|
- [2017/04/14]
Web page was published
[2017/12/21]
References : Content was added
|