Published: Oct 22, 2010
>> JAPANESE

1.Overview

Sleipnir and Grani are web browsers. They are vulnerable to a flaw in the way they load DLL (Dynamic-Link Libraries). If exploited, there is a possibility that arbitrary code may be executed on the computers installed with Sleipnir and Grani.

To get a fixed version, go to the following URL.
For Sleipnir:
http://www.fenrir.co.jp/sleipnir/ (Japanese)
For Grani:
http://www.fenrir.co.jp/grani/ (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2010-000047

The IPA first received a report concerning this vulnerability through the creditee below and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor, and made the announcement public on October 22, 2010.

Credit

：

Makoto Shiotsuki

(Reported: September 27, 2010)

2.Impact

Involuntary operations may occur, such as the execution of unintended programs, the deletion of files, and the installation of malicious tools like viruses and bots when a user is guided to a shared folder, for example, on a file server and opens an HTML file there.

3.Solution

To fix this vulnerability, update to the fixed version provided by the vendor.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	■ Medium (4.0~6.9)	□ High (7.0~10.0)
CVSS base score		6.8

(2) Base Score Metrics

AV:Access Vector	□ Local	□ Adjacent 　Network	■ Network
AC:Access Complexity	□ High	■ Medium	□ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	□ None	■ Partial	□ Complete
I:Integrity Impact	□ None	■ Partial	□ Complete
A:Availability Impact	□ None	■ Partial	□ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “CWE-Other”.

Contact