Japan Vulnerability NotesJVN:75929834JVN#75929834: Install program and Installer of i-フィルター 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
0.002 Low
EPSS
Percentile
61.3%
i-フィルター 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-フィルター 6.0 install program and installer contain the following vulnerabilities.
Lead to insecurely loading Dynamic Link Libraries (CWE-427) - CVE-2017-10858, CVE-2017-10859
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
| CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
Lead to insecurely invoke an executable file (CWE-427) - CVE-2017-10860
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
| CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
Impact
Arbitrary code may be executed with the privilege of the user running the install program or the installer.
Solution
Use the latest install program or installer
Use the latest install prgram or installer according to the information provided by the developer.
Note that the vulnerabilities affect the install program and the installer only, thus users who have already installed i-フィルター 6.0 do not need to re-install the software.
Products Affected
CVE-2017-10858
-
“i-フィルター 6.0 install program” file version 1.0.8.1 and earlier
CVE-2017-10859, CVE-2017-10860 -
“i-フィルター 6.0 installer” timestamp of code signing is before 23 Aug 2017 (JST)
Related
