Published: 2017/06/01  Last Updated: 2017/06/01

Information from TeraTerm Project

Vulnerability ID:JVN#06770361
Title:Installer of Tera Term may insecurely load Dynamic Link Libraries

This is a statement from the vendor itself with no modification by JPCERT/CC.

The installer of Tera Term 4.94 or earlier has vulnerability of DLL loading without intent.
When this vulnerability is used for bad ends, a malicious third person will execute any code on installer startup.

This vulnerability only affects on installer startup, so Tera Term already installed does not have the problem.
We provide information on this issue at the following URL.
"Tera Term installer has vulnerability of DLL loading without intent"