Published: Oct 22, 2010
The Information-technology Promotion Agency (IPA, Chairman Kazumasa Fujie) announced a security alert on October 22, 2010, concerning security vulnerability in Sleipnir and Grani.
This vulnerability allows an attacker to execute arbitrary code when a user opens an HTML file stored in a particular folder.
To fix this vulnerability, update to the fixed version supplied by the vendor.
Sleipnir and Grani are web browsers. They are vulnerable to a flaw in the way they load DLL (Dynamic-Link Libraries). If exploited, there is a possibility that arbitrary code may be executed on the computers installed with Sleipnir and Grani.
For the latest information, refer to the following URL:
The IPA first received a report concerning this vulnerability through the creditee below and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor, and made the announcement public on October 22, 2010.
|Credit||：||Makoto Shiotsuki||(Reported: September 27, 2010)|
Involuntary operations may occur, such as the execution of unintended programs, the deletion of files, and the installation of malicious tools like viruses and bots when a user is guided to a shared folder, for example, on a file server and opens an HTML file there.
To fix this vulnerability, update to the fixed version provided by the vendor.
(CVSS base score)
|CVSS base score||
|AV:Access Vector||□ Local||□ Adjacent
|AC:Access Complexity||□ High||■ Medium||□ Low|
|Au:Authentication||□ Multiple||□ Single||■ None|
|C:Confidentiality Impact||□ None||■ Partial||□ Complete|
|I:Integrity Impact||□ None||■ Partial||□ Complete|
|A:Availability Impact||□ None||■ Partial||□ Complete|
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)