JVNDB-2026-001732
|
Multiple Brother software installers may insecurely load Dynamic Link Libraries
|
Multiple software installers provided by Brother Industries, Ltd. may insecurely load some dynamic link libraries.
- Uncontrolled search path element (CWE-427) - CVE-2016-2542, CVE-2021-41526
Kazuma Matsumoto of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Brother Industries, Ltd. and coordinated with the vendor.
After the coordination was completed, Brother Industries, Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned for CVE-2016-2542 and CVE-2021-41526.
|
The installers of the following software are affected:
|
Brother Industries
- Status Monitor Update Tool 1.43.0.0 and prior versions
- Software Update Notification Updater 1.0.21.0 and prior versions
- Universal Printer Driver version 1.00
- Universal Printer Driver for PCL 1.10.1 and prior versions
- Universal Printer Driver for BR-Script (PostScript language emulation) 1.18.1 and prior versions
|
|
Arbitrary code may be executed with Administrator privileges.
|
[Use the latest installers]
Use the latest installers, in which this issue has been fixed.
This issue concerns the behavior of the installers; software that is already installed is not affected.
|
Brother Industries
|
- Uncontrolled Search Path Element (CWE-427) [Other]
|
- CVE-2016-2542
- CVE-2021-41526
|
- JVN : JVNVU#93474119
- JVN : JVNTA#91240916
|
- [2026/01/26]
Web page was published
|