JVN#56764650: ViX may insecurely load Dynamic Link Libraries

2018-03-13T00:00:00
ID JVN:56764650
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-03-13T00:00:00

Description

## Description

ViX provided by K_OKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file (CWE-427).

## Impact

Arbitrary code may be executed with the privileges of the running application.

## Solution

Consider stop using ViX version 2.21.148.0
Since the developer was unreachable, existence of any mitigations are unknown.