JVN#05340816: Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

2017-04-14T00:00:00
ID JVN:05340816
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-04-14T00:00:00

Description

## Description

Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

## Solution

Use the latest installers
Use the latest installers according to the information provided by the developer.
Users who already have installed the software do not need to re-install the application, because this issue affects the installers only.

## Products Affected

The installers of the following software are affected:

  • SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier
  • SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software V3.0.2 and earlier
  • SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series<W-03>) V3.00.01
  • SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier
  • SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series) V1.00.04 and earlier
  • SDHC Memory Card with embedded TransferJetTM functionality Configuration Software V1.02 and earlier
  • SDHC Memory Card with embedded TransferJetTM functionality Software Update tool V1.00.06 and earlier