Japan Vulnerability NotesJVN:51274854JVN#51274854: Multiple software for Sharp IC Card Reader/Writer Devices may insecurely load Dynamic Link Libraries
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.4%
The tool to verify execution environment and the driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contain an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries (CWE-427).
Impact
Arbitrary code may be executed with the privilege of the user invoking the tool or the installer.
Solution
Use the latest installer
Use the latest installer according to the information provided by the developer.
The following versions address the issue.
- RW-4040 driver installer for Windows 7 version 2.2.7.1 (RW40Inst.exe)
- RW-5100 driver installer for Windows 7 version 1.2.0.0 (RW51Inst.exe)
- RW-5100 driver installer for Windows 8.1 version 1.2.0.0 (RW51Inst.exe)
Users who already have installed the driver software do not need to re-install the software, because this issue affects the installers only.
Use the latest version of the tool to verify execution environment
Use the latest version of the tool according to the information provided by the developer.
The following versions address the issue.
- RW-4040 tool to verify execution environment for Windows 7 version 1.3.0.0 (RW4040Test_win7.exe)
- RW-5100 tool to verify execution environment for Windows 7 version 1.2.0.0 (RW5100Test_win7.exe)
- RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.1.0 (RW5100Test_win8.1.exe)
Products Affected
- RW-4040 driver installer for Windows 7 version 2.27A (RW4040V2.27_A_win7V.exe) and earlier - CVE-2017-2189
- RW-5100 driver installer for Windows 7 version 1.0.0.9A (RW5100V1.0.0.9_A_win.exe) and earlier - CVE-2017-2191
- RW-5100 driver installer for Windows 8.1 version 1.0.1.0A (RW5100V1.0.1.0_A_win8.exe) and earlier - CVE-2017-2191
- RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0A (RW4040Test_A_win7V.exe) and earlier - CVE-2017-2190
- RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0A (RW5100Test_A_win7.exe) and earlier - CVE-2017-2192
- RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0A (RW5100Test_A_win8.exe) and earlier - CVE-2017-2192
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.4%