|
[Japanese]
|
JVNDB-2026-000083
|
CamView installer insecurely loads Dynamic Link Libraries
|
|
CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries.- Uncontrolled search path element (CWE-427) - CVE-2015-9268
- The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and to execute the installer.
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
CVSS v4 Severity
Base Metrics: 8.4 (High) [IPA Score]
- Access Vector (AV): Local
- Attack Complexity (AC): Low
- Attack Requirements (AT): None
- Privileges Required (PR): None
- User Interaction (UI): Active
Vulnerable System Impact
- Confidentiality Impact (VC): High
- Integrity Impact (VI): High
- Availability Impact (VA): High
Subsequent System Impact
- Confidentiality Impact (SC): None
- Integrity Impact (SI): None
- Availability Impact (SA): None
|
|
|
ARUCOM Inc.
- CamView (32-bit) versions prior to 3.3.21
- CamView (64-bit) versions prior to 3.4.3
|
|
|
If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user.
|
|
[Use the latest installer]
The developer has released the following versions to address the vulnerability. - CamView (32-bit version) 3.3.21
- CamView (64-bit version) 3.4.3
|
|
ARUCOM Inc.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2015-9268
|
|
- JVN : JVN#27656135
- JVN : JVNTA#91240916
|
|
- [2026/06/09]
Web page was published
|
