Japan Vulnerability NotesJVN:51565015JVN#51565015: LINE for Windows may insecurely load Dynamic Link Libraries
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
LINE for Windows provided by LINE Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Impact
Arbitrary code may be executed with the privileges of the running application.
Solution
Update the Software
For cuurent users of LINE for Windows, the application will automatically update to the latest version provided by the developer.
For users that will be installing LINE for Windows, the developer has provided an updated version of the installer, please use this version of the installer.
Products Affected
- LINE for Windows ver 4.7.0 and earlier
- LINE Installer for Windows ver 4.8.0 and earlier
[Added on August 19, 2016]
Note that LINE Installer for Windows (ver 4.8.0) did not address the vulnerability completely. Newer versions have been released.
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%