Published: 2022/08/29  Last Updated: 2022/08/29

Information from RICOH COMPANY, LTD.

Vulnerability ID:JVN#44721267
Title:Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

■ Impact
Arbitrary code may be executed with the privilege of running Device Software Manager.
Note that this vulnerability only affects the installer startup. If you have already installed the product, it will not be affected.

■ Workaround
Copy the Device Software Manager downloaded from the website to an empty folder and run it.

■ What to do
Please use the latest installer.

■ Countermeasure version
Device Software Manager Ver.2.20.3.0