|
[Japanese]
|
JVNDB-2026-000075
|
Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries
|
|
GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability.
- Stack-based buffer overflow in pop3wallpasswd command (CWE-121) - CVE-2026-32661
The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite (On-premises version).
Canon Marketing Japan Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Canon Marketing Japan Inc. coordinated under the Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
CVSS v4 Severity
Base Metrics: 8.4 (High) [IPA Score]
- Access Vector (AV): Local
- Attack Complexity (AC): Low
- Attack Requirements (AT): None
- Privileges Required (PR): None
- User Interaction (UI): Active
Vulnerable System Impact
- Confidentiality Impact (VC): High
- Integrity Impact (VI): High
- Availability Impact (VA): High
Subsequent System Impact
- Confidentiality Impact (SC): None
- Integrity Impact (SI): None
- Availability Impact (SA): None
|
|
|
Bytello Ltd.
- Bytello Share (Windows Edition) versions prior to 5.13.0.4246
|
|
|
If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.
|
|
[Use the latest installer]
The latest version 5.13.0.4246 is provided as the MSI installation package.
|
|
Bytello Ltd.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2026-44612
|
|
- JVN : JVN#98871848
- JVN : JVNTA#91240916
|
|
- [2026/05/13]
Web page was published
|
