Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for LOGICOOL CONNECTION UTILITY SOFTWARE by Logitech

jvndb-2018-000072

Vulnerability from jvndb

Published

2018-07-06 14:36

Modified

2019-07-05 17:38

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries

Details

The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427) . Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN52574492/index.html
	JVN	https://jvn.jp/en/ta/JVNTA91240916/
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0620
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0621
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0620
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0621
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Logitech	LOGICOOL CONNECTION UTILITY SOFTWARE
	Logitech	LOGICOOL Game Software

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000072.html",
  "dc:date": "2019-07-05T17:38+09:00",
  "dcterms:issued": "2018-07-06T14:36+09:00",
  "dcterms:modified": "2019-07-05T17:38+09:00",
  "description": "The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427) .\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000072.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:logitech:connection_utility_software",
      "@product": "LOGICOOL CONNECTION UTILITY SOFTWARE",
      "@vendor": "Logitech",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:logitech:game_software",
      "@product": "LOGICOOL Game Software",
      "@vendor": "Logitech",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000072",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN52574492/index.html",
      "@id": "JVN#52574492",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0620",
      "@id": "CVE-2018-0620",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0621",
      "@id": "CVE-2018-0621",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0620",
      "@id": "CVE-2018-0620",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0621",
      "@id": "CVE-2018-0621",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries"
}