JVN#80144272: Multiple TYPE-MOON games vulnerable to OS command injection

ID JVN:80144272
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-11-05T00:00:00


## Description

Multiple games provided by TYPE-MOON contain an OS command injection vulnerability (CWE-78) due to an issue in loading save data.

## Impact

When specially crafted save data is loaded, an arbitrary OS command may be executed.

## Solution

Apply a Workaround
The following workaround can mitigate the affects of this vulnerability.

  • Do not load save data provided by an untrusted source.

## Products Affected

  • Fate/stay night (CD, DVD)
  • Fate/hollow ataraxia
  • Witch on the Holy Night
  • Fate/stay night + hollow ataraxia set