Published: 2017/07/10  Last Updated: 2018/02/13

Information from SOURCENEXT CORPORATION

Vulnerability ID:JVN#29939155
Title:Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

File Compact has a feature to create self-extracting archive files.
Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

[Updated on February 14, 2018]
The previous fix that we released as version 5.10 / 6.02 / 7.02 was not enough,
we have released the updated version which include complete fix of this vulnerability.

update history

2018/02/13