Japan Vulnerability NotesJVN:42031953JVN#42031953: FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.2%
FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities.
FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries (CWE-427) - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
| CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
Encrypted files in self-decryption format created by FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries (CWE-427) - CVE-2017-2266, CVE-2017-2268, CVE-2017-2270
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
| CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
Impact
- Arbitrary code may be executed with the privilege of the user invoking the application. - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269
- Arbitrary code may be executed with the privilege of the user invoking the Encrypted file in self-decryption format. - CVE-2017-2266, CVE-2017-2268, CVE-2017-2270
Solution
Update the Software
Update to the latest version according to the information provided by the developer. Encrypted files in self-decryption format must be re-created using the latest version.
According to the developer, following actions are necessary when using Windows OS prior to Windows 8.
- In case of Windows Vista or 7, KB2533623 provided by Microsoft should be applied before using the latest version.
- In case of Windows XP, users must take care where to place the application or the encrypted files in self-decryption format. Make sure no untrusted files exist in the same folder as the application or the encrypted file in self-decryption format.
For more information, refer to the information provided by the developer.
Products Affected
- FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier - CVE-2017-2265
- Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier - CVE-2017-2266
- FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier - CVE-2017-2267
- Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier - CVE-2017-2268
- FileCapsule Deluxe Portable Ver.2.0.9 and earlier - CVE-2017-2269
- Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier - CVE-2017-2270
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.2%