JVN#42527152
"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
Overview
"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly. Their OEM products are affected too.
Products Affected
- FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0
- FFRI yarai Home and Business Edition version 1.4.0
- Soliton Systems K.K.
  - InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2
  - Zerona / Zerona PLUS versions 3.2.32 to 3.2.36
- NEC Corporation
  - ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0
- SOURCENEXT CORPORATION
  - Dual Safe Powered by FFRI yarai version 1.4.1
- Sky Co., Ltd.
  - EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)
  - EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)
Description
"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly (CWE-703).
When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the affected product may fail to handle this situation properly and stop working.
Impact
The affected product may stop working and remain stopped for up to 15 minutes.
Note that, even in such a situation, Microsoft Defender keeps working.
The developer states that the product can be recovered by either of the following:
- Restart the system where the product is running
- Wait for automatic recovery (15 minutes maximum)
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The following versions are provided to address the vulnerability:
- FFRI Security, Inc.
  - FFRI yarai versions 3.4.7 or 3.5.3
  - FFRI yarai Home and Business Edition version 1.4.2
- Soliton Systems K.K.
  - InfoTrace Mark II Malware Protection (Mark II Zerona) version 3.2.4
- NEC Corporation
  - ActSecure χ version 3.5.3
- SOURCENEXT CORPORATION
  - Dual Safe Powered by FFRI yarai version 1.4.2
- Sky Co., Ltd.
  - EDR Plus Pack (Bundled FFRI yarai versions 3.4.7 or 3.5.3)
  - EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.7 or 3.5.3)
The following workaround may mitigate the impact of this vulnerability.
- Disable the Windows Defender management feature
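The affected and fixed version lists above can be applied to an asset inventory as follows. This is an added example, not code from JVN or the vendors; the CSV layout, host names and the `classify`/`triage` helpers are assumptions, and EDR Plus Pack hosts are assumed to be recorded under their bundled FFRI yarai version.

```python
import csv
import io

# Affected ranges (inclusive) and fixed versions copied from JVN#42527152.
ADVISORY = {
    "FFRI yarai": ([("3.4.0", "3.4.6"), ("3.5.0", "3.5.0")], ["3.4.7", "3.5.3"]),
    "FFRI yarai Home and Business Edition": ([("1.4.0", "1.4.0")], ["1.4.2"]),
    "InfoTrace Mark II Malware Protection": ([("3.0.1", "3.2.2")], ["3.2.4"]),
    "Zerona / Zerona PLUS": ([("3.2.32", "3.2.36")], []),  # no fixed version listed
    "ActSecure χ": ([("3.4.0", "3.4.6"), ("3.5.0", "3.5.0")], ["3.5.3"]),
    "Dual Safe Powered by FFRI yarai": ([("1.4.1", "1.4.1")], ["1.4.2"]),
}

def parse_version(text):
    """Dotted version -> tuple of ints, so 3.2.4 sorts below 3.2.32."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(product, version):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown-product'."""
    if product not in ADVISORY:
        return "unknown-product"
    ranges, fixed = ADVISORY[product]
    try:
        v = parse_version(version)
    except ValueError:
        return "unlisted"  # empty or non-numeric version string
    if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges):
        return "affected"
    if any(v == parse_version(f) for f in fixed):
        return "fixed"
    # Neither listed as affected nor as fixed (e.g. 3.5.1): confirm with the vendor.
    return "unlisted"

def triage(inventory_csv):
    """Map each host in a host,product,version CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"].strip(), r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts).
SAMPLE = """host,product,version
ws-01,FFRI yarai,3.4.6
ws-02,FFRI yarai,3.5.3
ws-03,FFRI yarai,3.5.1
ws-04,InfoTrace Mark II Malware Protection,3.2.4
ws-05,ActSecure χ,3.4.7
ws-06,Zerona / Zerona PLUS,3.2.33
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as `unlisted` run a version the advisory names neither as affected nor as fixed, so they need confirmation against the vendor's own notice rather than being assumed safe.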
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
Authentication(Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Comment
The analysis assumes that the Windows Defender management feature is enabled.
'User Interaction(UI)' is evaluated as 'Required' (UI:R), considering the attack scenario where a user is directed to open a certain file to trigger the detection.
Credit
FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
Other Information
CVE | CVE-2023-39341 |
JVN iPedia | JVNDB-2023-000080 |
Update History
- 2023/08/31
  - Information under the section [Solution] was updated.