IPA/ISEC: Vulnerabilities: Security Alert for Vulnerability in Windows

Published: Aug 10, 2011

The Information-technology Promotion Agency (IPA, Chairman Kazumasa Fujie) issued a security alert concerning a security vulnerability in Windows on August 10, 2011. To fix this vulnerability, apply the update program provided by the vendor.

1.Overview

Windows is an operating system developed by Microsoft Corporation. Windows has an issue in the URL protocol handler, the mechanism by which an application such as a web browser calls another application. If exploited, malicious programs such as viruses may be installed on Windows PCs, or data stored on the Windows PCs may be accessed by an attacker.

To get the update program, go to the following URL:
http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx
For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000060

In line with the Information Security Early Warning Partnership, the IPA received a report concerning this vulnerability from the reporter credited below. The JPCERT Coordination Center (JPCERT/CC) coordinated with the product developer, and the vulnerability was made public on August 10, 2011.

Credit: Makoto Shiotsuki, Security Professionals Network Inc.
(Reported: September 21, 2010)

2.Impact

Arbitrary code may be executed when a user is guided to a shared folder, such as one on a file server, and opens a file there through an application such as a web browser. As a result, malicious programs such as viruses may be installed on Windows PCs, or data stored on the Windows PCs may be accessed by an attacker.

3.Solution

To fix this vulnerability, apply the update program provided by the vendor.

4.CVSS Severity

(1) Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) ■ Medium (4.0~6.9) □ High (7.0~10.0)
CVSS base score: 6.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High ■ Medium □ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values
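
The selected values above correspond to the CVSS v2 vector AV:N/AC:M/Au:N/C:P/I:P/A:P. The following added example (not part of the IPA advisory) recomputes the base score from that vector using the equations and weights of the CVSS v2 specification; the function names and the vector string form are assumptions made for the example.

```python
from decimal import Decimal as D, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification.
WEIGHTS = {
    "AV": {"L": D("0.395"), "A": D("0.646"), "N": D("1.0")},
    "AC": {"H": D("0.35"), "M": D("0.61"), "L": D("0.71")},
    "Au": {"M": D("0.45"), "S": D("0.56"), "N": D("0.704")},
    "C": {"N": D("0"), "P": D("0.275"), "C": D("0.660")},
    "I": {"N": D("0"), "P": D("0.275"), "C": D("0.660")},
    "A": {"N": D("0"), "P": D("0.275"), "C": D("0.660")},
}

def parse_vector(vector):
    """Parse 'AV:N/AC:M/...' into {metric: weight}; reject malformed input."""
    parts = [p.split(":") for p in vector.split("/")]
    if any(len(p) != 2 for p in parts):
        raise ValueError("malformed vector: " + vector)
    # Every base metric must appear exactly once.
    if sorted(p[0] for p in parts) != sorted(WEIGHTS):
        raise ValueError("vector must contain each base metric once: " + vector)
    try:
        return {metric: WEIGHTS[metric][value] for metric, value in parts}
    except KeyError as exc:
        raise ValueError("unknown metric value: %s" % exc)

def base_score(vector):
    """Return the CVSS v2 base score, rounded to one decimal place."""
    w = parse_vector(vector)
    impact = D("10.41") * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    if impact == 0:
        return D("0.0")  # f(Impact) = 0 when there is no impact
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    raw = (D("0.6") * impact + D("0.4") * exploitability - D("1.5")) * D("1.176")
    return raw.quantize(D("0.1"), rounding=ROUND_HALF_UP)

def severity(score):
    """Map a base score to the rating bands used in this advisory."""
    if score < 4:
        return "Low"
    if score < 7:
        return "Medium"
    return "High"

if __name__ == "__main__":
    advisory_vector = "AV:N/AC:M/Au:N/C:P/I:P/A:P"  # values marked with ■ above
    score = base_score(advisory_vector)
    print(advisory_vector, score, severity(score))
```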

5.CWE Type

This vulnerability has been CWE classified as "No Mapping (CWE-Other)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: