JVN#61502349
Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries
Overview
Self-extracting encrypted files created by AttacheCase may insecurely load Dynamic Link Libraries.
Products Affected
Self-extracting encrypted files created by the following software are affected:
- AttacheCase ver.2.8.3.0 and earlier - CVE-2017-2271
- AttacheCase ver.3.2.2.6 and earlier - CVE-2017-2272
Description
AttacheCase is open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Impact
Arbitrary code may be executed with the privilege of the user invoking a vulnerable self-extracting encrypted file.
Solution
Update the Files
Update AttacheCase and re-encrypt the affected files according to the information provided by the developer.
AttacheCase ver2.x is no longer supported. HiBARA Software recommends AttacheCase ver4.x as the successor to AttacheCase ver2.x to re-encrypt the affected files.
After updating, continue to follow the practices described in the workarounds below when handling self-extracting encrypted files.
Apply Workarounds
- When invoking a self-extracting encrypted file, make sure no unrelated files exist within the same directory. It is best to copy the installer into a newly created directory and invoke it from that directory.
- Make sure no untrusted files exist within the directory where the self-extracting encrypted file is invoked.
- If you have some shared directory within your organization to place self-extracting encrypted files, make sure that this shared directory is read-only for non-administrative users.
- Operate self-extracting encrypted files using a standard user (non-administrator) account. Administrator accounts should be used only when necessary.
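One way to script the workarounds above in PowerShell (an added example, not from JVN or HiBARA Software; the function name `Invoke-SfxIsolated`, its parameter and the sample path are assumptions):

```powershell
# Added example: run a self-extracting encrypted file from a fresh, empty directory.
# Invoke-SfxIsolated and its parameter name are hypothetical, not part of AttacheCase.
function Invoke-SfxIsolated {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sfx = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Standard-user workaround: warn when the current session is elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning 'Running elevated; use a standard user account unless elevation is required.'
    }

    # Report DLL files sitting beside the original; they are left behind by the copy below.
    $neighbours = Get-ChildItem -LiteralPath $sfx.DirectoryName -File -Force |
        Where-Object { $_.FullName -ne $sfx.FullName }
    $dlls = @($neighbours | Where-Object { $_.Extension -ieq '.dll' })
    if ($dlls.Count -gt 0) {
        Write-Warning ("DLL files found next to {0}: {1}" -f $sfx.Name, ($dlls.Name -join ', '))
    }

    # Newly created directory with an unpredictable name under the user's temp path.
    $workDir = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $workDir -ErrorAction Stop | Out-Null

    Copy-Item -LiteralPath $sfx.FullName -Destination $workDir -ErrorAction Stop

    # Confirm the copied file is the only entry before launching it.
    $entries = @(Get-ChildItem -LiteralPath $workDir -Force)
    if ($entries.Count -ne 1) {
        throw "Unexpected files in $workDir; not launching."
    }

    # Launch the copy with both its own directory and the working directory set to $workDir.
    $copy = Join-Path $workDir $sfx.Name
    Start-Process -FilePath $copy -WorkingDirectory $workDir -Wait
    return $workDir
}

# Constructed sample path; replace with the real file.
# Invoke-SfxIsolated -Path 'C:\Users\alice\Downloads\report.exe'
```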
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
HiBARA Software | Vulnerable | 2022/03/29 | HiBARA Software website |
References
- Japan Vulnerability Note JVNTA#91240916: Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector (AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity (AC) | High (H) | Low (L) | | |
Privileges Required (PR) | High (H) | Low (L) | None (N) | |
User Interaction (UI) | Required (R) | None (N) | | |
Scope (S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact (C) | None (N) | Low (L) | High (H) | |
Integrity Impact (I) | None (N) | Low (L) | High (H) | |
Availability Impact (A) | None (N) | Low (L) | High (H) | |

Access Vector (AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity (AC) | High (H) | Medium (M) | Low (L) |
Authentication (Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact (C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact (I) | None (N) | Partial (P) | Complete (C) |
Availability Impact (A) | None (N) | Partial (P) | Complete (C) |
Comment
This analysis assumes that the user is tricked into placing a malicious DLL file in the same directory where a vulnerable encrypted file in self-executable format resides.
Credit
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2017-2271, CVE-2017-2272 |
JVN iPedia | JVNDB-2017-000174 |
Update History
- 2022/03/29: HiBARA Software update status
- 2022/03/30: Information under the section [Solution] was updated.