i-フィルター 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-フィルター 6.0 install program and installer contain the following vulnerabilities.
Lead to insecurely loading Dynamic Link Libraries (CWE-427) - CVE-2017-10858, CVE-2017-10859
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
Lead to insecurely invoke an executable file (CWE-427) - CVE-2017-10860
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
Arbitrary code may be executed with the privilege of the user running the install program or the installer.
Use the latest install program or installer
Use the latest install prgram or installer according to the information provided by the developer.
Note that the vulnerabilities affect the install program and the installer only, thus users who have already installed i-フィルター 6.0 do not need to re-install the software.
CVE-2017-10858
“i-フィルター 6.0 install program” file version 1.0.8.1 and earlier
CVE-2017-10859, CVE-2017-10860
“i-フィルター 6.0 installer” timestamp of code signing is before 23 Aug 2017 (JST)