JVNDB-2018-000014

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION

• FLET'S v4/v6 address selection tool

Arbitrary code may be executed with the privilege of the user invoking the application or the self-extracting archive.

[Do not use "FLET'S v4 / v6 address selection tool"]
Distribution and support of "FLET'S v4 / v6 address selection tool" was ended as of 2018 February 7.
Stop using "FLET'S v4 / v6 address selection tool".

If "FLET'S v4 / v6 address selection tool" obtained from the website before 2018 February 7 resides in your computer and has not yet been installed, do not install it. Delete the executable file immediately.

NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION

• Nippon Telegraph and Telephone West Corporation : NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website (in Japanese)

1. No Mapping(CWE-Other) [IPA Evaluation]

1. CVE-2018-0516

1. JVN : JVN#87403477
2. JVN : JVNTA#91240916
3. National Vulnerability Database (NVD) : CVE-2018-0516

• [2018/02/13]
    Web page was published
• [2018/04/11]
    References : Content was added