Font Size Change

HOMEIT SecurityMeasures for Information Security VulnerabilitiesIPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Lhaplus

PRINT PAGE

IT Security

IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Lhaplus

Published: Oct 12, 2010
>> JAPANESE

Information-technology Promotion Agency (IPA, Chairman Kazumasa Fujie) announced a security alert on October 12, 2010, concerning security vulnerability in Lhaplus.
This vulnerability allows an attacker to execute arbitrary code when a user expands a compressed file stored in a particular folder.If exploited, a computer may become under the control of an attacker with malicious intent by being forced to execute unintended programs.

To fix this vulnerability, update to the fixed version supplied by the vendor.

1.Overview

Lhaplus is a file compression/decompression software and supports the data compression format lzh and zip to name a few. Lhaplus is vulnerable to a flaw in the way it loads DLL (Dynamic-Link Libraries). If exploited, there is a possibility that arbitrary code may be executed on the computers installed with Lhaplus.This vulnerability is a different one from those cautioned under the title 鉄ecurity Alert for Vulnerability in Lhaplus� on September 21, 2007, November 22, 2007, and April 28, 2008.

To get a fixed version, go to the following URL:
http://www7a.biglobe.ne.jp/~schezo/dll_vul.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2010-000037

The IPA first received a report concerning this vulnerability through the creditees below and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor, and made the announcement public on October 12, 2010.

Credit Hitachi Incident Response Team (Reported: September 6, 2010)
    Makoto Shiotsuki (Reported: September 13, 2010)

2.Impact

nvoluntary operations may occur, such as the execution of unintended programs, the deletion of files, and the installation of malicious tools like viruses and bots when a user is guided to a shared folder, for example, on a file server and opens a compressed file there.

Security Alert for Vulnerability in Lhaplus

3.Solution

To fix this vulnerability, update to the fixed version provided by the vendor.

4.CVSS Severity

(1)Evaluation Result

Severity Rating
(CVSS base score)
□ Low
(0.0~3.9)
Medium
(4.0~6.9)
High
(7.0~10.0)
CVSS base score  
6.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent
 Network
■ Network
AC:Access Complexity □ High ■ Medium □ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as "No mapping (CWE-Other)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: