Japan Vulnerability NotesJVN:36623716JVN#36623716: Music Center for PC improperly verifies software update files
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.5%
Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed.
Impact
Under a man-in-the-middle attack, a specially crafted file may be downloaded and executed.
Solution
Update the Software
Update to the latest version using the latest installer directly downloaded from the developer’s site, according to the information provided by the developer.
Products Affected
- Music Center for PC version 1.0.02 and earlier
Related
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.5%