Information from Canon IT Solutions Inc.
Vulnerability ID:JVN#41452671
Title:The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
Overview
Installer of multiple software, provided by Canon IT Solutions Inc., has a vulnerability. This installer has a problem in the search path, so it reads the specific DLL file existing in the same directory.
Products Affected
The installer of the following programs of Windows version (the date stamp of digital signature is before "July 10, 2018").
- Personal products / corporate client products
ESET Smart Security Premium
ESET Internet Security
ESET Smart Security
ESET NOD32 Antivirus
- Encryption products for corporate users (package / download product)
DESlock+ Pro
CompuSec (All programs except packaged products)
Impact
When installing of software affected by this vulnerability, if the specially made up DLL file is located in the same directory, arbitrary code may be executed with the privilege of running the corresponding installer.
Please note that this vulnerability only affects the installer's startup. each products already installed will not be affected.
Solution
Use the latest installer based on the information provided by Canon IT Solutions Inc.