JVN#31236539: [Simeji for Windows(β)] installer may insecurely load Dynamic Link Libraries

2017-06-08T00:00:00
ID JVN:31236539
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-06-08T00:00:00

## Description

The [Simeji for Windows(β)] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privileges of the user invoking the installer.

## Solution

Do not use the [Simeji for Windows(β)] installer
The developer has stated that development and support of [Simeji for Windows(β)] have been discontinued, and therefore recommends that users stop using the installer.
Users who have already installed [Simeji for Windows(β)] do not need to re-install the application, because this issue affects the installer only.

## Products Affected

  • [Simeji for Windows(β)] installer (simeji.exe)