
JVNDB-2026-000084

Improper file access permission settings in the installers for Optical Disc Archive Software for Windows

Overview

Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability.
  • Incorrect default permissions (CWE-276) - CVE-2026-50255
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS v3 Severity:
Base Metrics: 6.7 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS v4 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Access Vector (AV): Local
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): Present
  • Privileges Required (PR): Low
  • User Interaction (UI): Passive
  • Vulnerable System Impact
      • Confidentiality Impact (VC): High
      • Integrity Impact (VI): High
      • Availability Impact (VA): High
  • Subsequent System Impact
      • Confidentiality Impact (SC): None
      • Integrity Impact (SI): None
      • Availability Impact (SA): None
Affected Products


Sony Corporation
  • Optical Disc Archive Software for Windows 5.5.3 and earlier

Impact

Arbitrary code may be executed with SYSTEM privileges.
Solution

[Use the latest installer]
Use the latest installer provided by the developer.
For more details, refer to the information provided by the developer.
Vendor Information

Sony Corporation
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2026-50255
References

  1. JVN : JVN#79926428
Revision History

  • [2026/06/16]
      Web page was published