JVN#08868688: The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries

The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.

Impact

This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, an arbitrary code may be executed with the privilege of the user invoking the installer.

• A user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.

Solution

Use the latest installers
Users who are intended to install the software for the first time or to upgrade the software, be sure to use the latest installers.

Products Affected

Installers of the following software that were available until October 17, 2016, are affected:

• Specification check program(social insurance) Ver. 9.00 and earlier
• TODOKESHO print program Ver. 5.00 and earlier
• Device data encryption program Ver. 1.00 and earlier
• TODOKESHO creation program Ver. 15.00 and earlier