JVN#67305782: Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries

2017-06-09T00:00:00
ID JVN:67305782
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-06-09T00:00:00

Description

## Description

Installer of CASL II simulator(self-extract format) provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.

## Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

## Solution

Do not use CASL II simulator(self-extract format) installer
The developer has stated that the development and support of CASL II simulator(self-extract format) has been discontinued, thus recommends users to stop using the installer.

## Products Affected

  • Installer of CASL II simulator(self-extract format)