JVN#09293613: Installer of Charamin OMP may insecurely load Dynamic Link Libraries

2017-06-23T00:00:00
ID JVN:09293613
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-06-23T00:00:00

Description

## Description

The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

## Solution

Use the latest installer
Use the latest installer according to the information provided by the developer.
Users who already have installed Charamin OMP do not need to re-install the application, because this issue affects the installer only.

## Products Affected

  • The installer of Charamin OMP Version 1.1.7.4 and earlier
  • The installer of Charamin OMP Version 1.2.0.0 Beta and earlier