Refine your search
3 vulnerabilities found for Music Center by Sony Video & Sound Products Inc.
jvndb-2018-000103
Vulnerability from jvndb
Published
2018-10-09 16:22
Modified
2019-07-26 15:57
Severity ?
Summary
Music Center for PC improperly verifies software update files
Details
Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed.
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000103.html",
"dc:date": "2019-07-26T15:57+09:00",
"dcterms:issued": "2018-10-09T16:22+09:00",
"dcterms:modified": "2019-07-26T15:57+09:00",
"description": "Music Center for PC provided by Sony Video \u0026 Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed.\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000103.html",
"sec:cpe": {
"#text": "cpe:/a:sony:music_center",
"@product": "Music Center",
"@vendor": "Sony Video \u0026 Sound Products Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000103",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN36623716/",
"@id": "JVN#36623716",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0690",
"@id": "CVE-2018-0690",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0690",
"@id": "CVE-2018-0690",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Music Center for PC improperly verifies software update files"
}
jvndb-2017-000250
Vulnerability from jvndb
Published
2017-12-22 15:50
Modified
2018-04-04 13:53
Severity ?
Summary
The installer of Music Center for PC may insecurely load Dynamic Link Libraries
Details
Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Note that this vulnerability is different from JVN#08517069.
DigiGnome(@biz4g) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html",
"dc:date": "2018-04-04T13:53+09:00",
"dcterms:issued": "2017-12-22T15:50+09:00",
"dcterms:modified": "2018-04-04T13:53+09:00",
"description": "Music Center for PC provided by Sony Video \u0026 Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nNote that this vulnerability is different from JVN#08517069.\r\n\r\nDigiGnome(@biz4g) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html",
"sec:cpe": {
"#text": "cpe:/a:sony:music_center",
"@product": "Music Center",
"@vendor": "Sony Video \u0026 Sound Products Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000250",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN60695371/index.html",
"@id": "JVN#60695371",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10909",
"@id": "CVE-2017-10909",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10909",
"@id": "CVE-2017-10909",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of Music Center for PC may insecurely load Dynamic Link Libraries"
}
jvndb-2017-000239
Vulnerability from jvndb
Published
2017-11-21 15:40
Modified
2018-03-14 14:25
Severity ?
Summary
The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
Details
Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. and Shun Suzaki reported CVE-2017-10891 vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html",
"dc:date": "2018-03-14T14:25+09:00",
"dcterms:issued": "2017-11-21T15:40+09:00",
"dcterms:modified": "2018-03-14T14:25+09:00",
"description": "Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. and Shun Suzaki reported CVE-2017-10891 vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html",
"sec:cpe": [
{
"#text": "cpe:/a:sony:media-go",
"@product": "Media Go",
"@vendor": "Sony Video \u0026 Sound Products Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sony:music_center",
"@product": "Music Center",
"@vendor": "Sony Video \u0026 Sound Products Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000239",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN08517069/index.html",
"@id": "JVN#08517069",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10891",
"@id": "CVE-2017-10891",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10892",
"@id": "CVE-2017-10892",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10891",
"@id": "CVE-2017-10891",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10892",
"@id": "CVE-2017-10892",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries"
}