|
[Japanese]
|
JVNDB-2018-000063
|
LINE for Windows may insecurely load Dynamic Link Libraries
|
|
LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software.
If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries (CWE-427).
LINE Corporation reported this vulnerability to JPCERT/CC to notify users of respective solutions through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
LINE Corporation
- LINE for Windows versions before 5.8.0
|
The developer states that version 5.8.0 and upper versions are not affected by this vulnerability.
|
|
Arbitrary code may be executed with the privilege of the user invoking the software.
|
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
According to the developer, the version 5.8.0 which contains a fix for this vulnerability was released on 2018 May 31, and the update is automatically applied when launching software.
|
|
LINE Corporation
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2018-0609
|
|
- JVN : JVN#92265618
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2018-0609
|
|
- [2018/06/12]
Web page was published
- [2019/07/01]
References : Content was added
|
