|
[Japanese]
|
JVNDB-2017-000104
|
RW-4040 driver installer may insecurely load Dynamic Link Libraries
|
|
RW-4040 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Sharp Corporation
- RW-4040 Driver Installer for Windows 7 version 2.27A (RW4040V2.27_A_win7V.exe) and earlier
|
|
|
Arbitrary code may be executed with the privilege of the user invoking the installer.
|
|
[Use the latest installer]
Use the latest installer according to the information provided by the developer.
The following versions address the issue.
* RW-4040 driver installer for Windows 7 version 2.2.7.1 (RW40Inst.exe)
Users who already have installed the driver software do not need to re-install the software, because this issue affects the installers only.
|
|
Sharp Corporation
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2017-2189
|
|
- JVN : JVN#51274854
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2017-2189
|
|
- [2017/06/01]
Web page was published
[2017/08/23]
Overview was modified
Affected Products : Product version was modified
Solution was modified
[2018/01/24]
References : Content was added
|
