JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries

2017-06-01T00:00:00
ID JVN:06770361
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-06-01T00:00:00

Description

## Description

The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

## Solution

Use the latest installer
Use the latest installer according to the information provided by the developer.
Users who already have installed Tera Term do not need to re-install the application, because this issue affects the installer only.

## Products Affected

  • The installer of Tera Term 4.94 and earlier