Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Lhasa by Yoshihito Takemura

jvndb-2010-000038

Vulnerability from jvndb

Published

2010-10-18 19:36

Modified

2010-10-18 19:36

Severity ?

() - -

Summary

Lhasa may insecurely load executable files

Details

Lhasa may use unsafe methods for determining how to load executables (.exe). Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables (.exe) when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN88850043/index.html
	JVNTR	https://jvn.jp/en/tr/JVNTR-2010-23/
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2369
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2369
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/english/vuln/201010_Lhasa_en.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA10-238A.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Yoshihito Takemura

Lhasa

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000038.html",
  "dc:date": "2010-10-18T19:36+09:00",
  "dcterms:issued": "2010-10-18T19:36+09:00",
  "dcterms:modified": "2010-10-18T19:36+09:00",
  "description": "Lhasa may use unsafe methods for determining how to load executables (.exe).\r\n\r\nLhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables (.exe) when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000038.html",
  "sec:cpe": {
    "#text": "cpe:/a:susie_ro:lhasa",
    "@product": "Lhasa",
    "@vendor": "Yoshihito Takemura",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000038",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN88850043/index.html",
      "@id": "JVN#88850043",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/JVNTR-2010-23/",
      "@id": "JVNTR-2010-23",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2369",
      "@id": "CVE-2010-2369",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2369",
      "@id": "CVE-2010-2369",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201010_Lhasa_en.html",
      "@id": "Security Alert for Vulnerability in Lhasa",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
      "@id": "TA10-238A",
      "@source": "CERT-TA"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Lhasa may insecurely load executable files"
}