JVN#22272314: Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries

2017-08-25T00:00:00
ID JVN:22272314
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-08-25T00:00:00

Description

## Description

Installer of "Flets Setsuzoku Tool"provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

## Solution

Do not use "Flets Setsuzoku Tool"
Developer states that they have stopped providing "Flets Setsuzoku Tool" on the website since 2017 June 30.
Do not use "Flets Setsuzoku Tool" because there are no countermeasures provided by the developer against this vulnerability.

For details, refer to the information provided by the developer.

## Products Affected

  • Flets Setsuzoku Tool for Windows all versions