
JVNDB-2024-000115

Chatwork Desktop Application (Windows) uses a potentially dangerous function

Overview

Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with the use of a potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application.

RyotaK of Flatt Security Inc. reported this vulnerability directly to the developer and coordinated with them. After the coordination was completed, the developer reported this case to IPA under the Information Security Early Warning Partnership to notify users of the solution through JVN, and JPCERT/CC coordinated with the developer for JVN advisory publication.

CVSS Severity

CVSS V3 Severity:
Base Metrics 5.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

Affected Products


kubell Co., Ltd.
  • Chatwork Desktop Application for Windows versions prior to 2.9.2

Impact

If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).

Solution

[Update the application]
Update the application to the latest version according to the information provided by the developer.

[Apply the workaround]
The developer states that the impact of this vulnerability may be mitigated by disabling guest access in the SMB client function of the Windows OS.
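
One way to audit and apply this workaround on a Windows endpoint, as an added example that is not from the developer or JVN. It assumes that "guest access" in the workaround corresponds to the SMB client's insecure guest logon setting (`EnableInsecureGuestLogons`, or the `AllowInsecureGuestAuth` policy value); the function name `Get-GuestLogonState` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and disable SMB client guest logons.
# Assumption: the advisory's "guest access" maps to EnableInsecureGuestLogons.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
$valueName = 'AllowInsecureGuestAuth'

function Get-GuestLogonState {
    # Local SMB client setting, as reported by the SMB cmdlets.
    $local = (Get-SmbClientConfiguration).EnableInsecureGuestLogons

    # A Group Policy value, when present, overrides the local setting,
    # so changing only the local setting would have no effect.
    $policy = $null
    if (Test-Path $policyKey) {
        $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $policy = [bool]$item.$valueName }
    }

    [pscustomobject]@{
        LocalSetting  = $local
        PolicySetting = $policy   # $null means "not configured by policy"
        Effective     = if ($null -ne $policy) { $policy } else { $local }
    }
}

$state = Get-GuestLogonState
if (-not $state.Effective) {
    Write-Output 'SMB client guest logons are already disabled.'
}
elseif ($null -ne $state.PolicySetting) {
    # Enabled centrally: the fix belongs in the GPO, not on this host.
    Write-Warning 'Guest logons are enabled by Group Policy; change the policy itself.'
}
else {
    Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force
    Write-Output 'SMB client guest logons disabled.'
}

# Report the resulting state for the audit record.
Get-GuestLogonState | Format-List
```

The script mitigates only; hosts running a version prior to 2.9.2 still need the update.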

For more information, refer to the information provided by the developer.

Vendor Information

kubell Co., Ltd.

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2024-50307

References

  1. JVN : JVN#78335885

Revision History

  • [2024/10/28]
      Web page was published