[Japanese]

JVNDB-2019-000026

Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries

Overview

Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Ministry of Internal Affairs and Communications
  • Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier

Impact

Arbitrary code may be executed with the privileges of the running software.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

Ministry of Internal Affairs and Communications
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2019-5958
References

  1. JVN : JVNTA#91240916
  2. JVN : JVN#69903953
Revision History

  • [2019/05/10]
      Web page was published