Published:
2017/07/10
Last Updated:
2018/02/14
Information from SOURCENEXT CORPORATION
Vulnerability ID:JVN#29939155
Title:Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
File Compact has a feature to create self-extracting archive files.
Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
[Updated]
The previous fix that we released as version 5.10 / 6.02 / 7.02 was not enough,
we have released the updated version which include complete fix of this vulnerability.
