Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for XacRett by kMonos.NET

jvndb-2010-000040

Vulnerability from jvndb

Published

2010-10-20 17:40

Modified

2010-10-20 17:40

Severity ?

() - -

Summary

XacRett may insecurely load executable files

Details

XacRett may use unsafe methods for determining how to load executables (.exe). XacRett is a file extraction software that supports many file formats. XacRett loads certain executables (.exe) when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN04665167/index.html
	JVNTR	https://jvn.jp/en/tr/JVNTR-2010-23/
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3157
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3157
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA10-238A.html
	SECUNIA	http://secunia.com/advisories/41850
	BID	http://www.securityfocus.com/bid/44125
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

kMonos.NET

XacRett

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000040.html",
  "dc:date": "2010-10-20T17:40+09:00",
  "dcterms:issued": "2010-10-20T17:40+09:00",
  "dcterms:modified": "2010-10-20T17:40+09:00",
  "description": "XacRett may use unsafe methods for determining how to load executables (.exe).\r\n\r\nXacRett is a file extraction software that supports many file formats. XacRett loads certain executables (.exe) when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000040.html",
  "sec:cpe": {
    "#text": "cpe:/a:kmonos:xacrett",
    "@product": "XacRett",
    "@vendor": "kMonos.NET",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000040",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN04665167/index.html",
      "@id": "JVN#04665167",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/JVNTR-2010-23/",
      "@id": "JVNTR-2010-23",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3157",
      "@id": "CVE-2010-3157",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3157",
      "@id": "CVE-2010-3157",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
      "@id": "TA10-238A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/41850",
      "@id": "SA41850",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/44125",
      "@id": "44125",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "XacRett may insecurely load executable files"
}