Published: 2018/07/23  Last Updated: 2018/07/23

Information from ChatWork Co,. LTD.

Vulnerability ID:JVN#39171169
Title:Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Within ChatWork desktop app for Windows (version 2.3.0 or lower) provided by ChatWork Inc, there was a problem in the search path of reading DLL, and it reads the specific DLL within the same directly. We considered it as security vulnerability (CWE-427) and we fixed it by providing version 2.4.0 in ZIP format on July 10, 2018.