Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Archive Decoder by pon software

jvndb-2010-000044

Vulnerability from jvndb

Published

2010-10-20 17:41

Modified

2010-10-20 17:41

Severity ?

() - -

Summary

Archive Decoder may insecurely load executable files

Details

Archive Decoder may use unsafe methods for determining how to load executables (.exe). Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN68536660/index.html
	JVNTR	https://jvn.jp/en/tr/JVNTR-2010-23/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3160
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3160
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA10-238A.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

pon software

Archive Decoder

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000044.html",
  "dc:date": "2010-10-20T17:41+09:00",
  "dcterms:issued": "2010-10-20T17:41+09:00",
  "dcterms:modified": "2010-10-20T17:41+09:00",
  "description": "Archive Decoder may use unsafe methods for determining how to load executables (.exe).\r\n\r\nArchive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000044.html",
  "sec:cpe": {
    "#text": "cpe:/a:ponsoftware:archive_decoder",
    "@product": "Archive Decoder",
    "@vendor": "pon software",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000044",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN68536660/index.html",
      "@id": "JVN#68536660",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/JVNTR-2010-23/index.html",
      "@id": "JVNTR-2010-23",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3160",
      "@id": "CVE-2010-3160",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3160",
      "@id": "CVE-2010-3160",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
      "@id": "TA10-238A",
      "@source": "CERT-TA"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Archive Decoder may insecurely load executable files"
}