JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

2018-02-13T00:00:00
ID JVN:87403477
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-02-13T00:00:00

Description

## Description

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

## Impact

Arbitrary code may be executed with the privilege of the user invoking the application or the self-extracting archive.

## Solution

Do not use "FLET'S v4 / v6 address selection tool"
Distribution and support of "FLET'S v4 / v6 address selection tool" was ended as of 2018 February 7.
Stop using "FLET'S v4 / v6 address selection tool".

If "FLET'S v4 / v6 address selection tool" obtained from the website before 2018 February 7 resides in your computer and has not yet been installed, do not install it. Delete the executable file immediately.

## Products Affected

  • FLET'S v4 / v6 address selection tool