JVN#75700242: The installer of Digital Paper App may insecurely load Dynamic Link Libraries

2018-08-21T00:00:00
ID JVN:75700242
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-08-21T00:00:00

Description

## Description

Digital Paper App provided by Sony Corporation is document management software exclusively for Sony Digital Paper. The installer of Digital Paper App contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

## Solution

Use the latest installer
Use the latest installer provided by the developer.
Also when executing the installer, be sure to check there are no suspicious files in the directory where the installer resides.

Note that this vulnerability affects the installer only, thus users who have already installed the software do not need to re-install the software.

## Products Affected

  • Digital Paper App version 1.4.0.16050 and earlier