Published:
2022/03/30
Last Updated:
2022/03/30
Information from HiBARA Software
Vulnerability ID:JVN#10140834
Title:AttacheCase may insecurely load Dynamic Link Libraries
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
A vulnerability in loading "dwmapi.dll" was discovered in the encryption tool "AttacheCase4" released on the site.
Placing a maliciously modified "dwmapi.dll" in the directory containing the executable file (AttacheCase.exe) may allow arbitrary code to be executed.
This vulnerability have been confirmed in ver. 4.0.2.7 or earlier. If you are using these versions of "AttacheCase4", please update to the latest version as soon as possible.