Untrusted Search Path Vulnerability in Digital Paper App by Sony
CVE-2018-0656

7.8HIGH

Key Information:

Vendor: Sony Corporation
Status: The Installer Of Digital Paper App
Vendor: CVE Published:; 4 September 2018

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2018-0656?

The Digital Paper App installer by Sony contains an untrusted search path vulnerability that enables attackers to exploit the installer. By placing a Trojan horse DLL in an unspecified directory, an attacker may gain elevated privileges when the application is executed. This flaw affects versions 1.4.0.16050 and earlier, posing a significant risk to users of the software.

Affected Version(s)

The installer of Digital Paper App version 1.4.0.16050 and earlier

References

https://esupport.sony.com/US/p/swu-download.pl?upd_id=109...

x_refsource_CONFIRM

http://jvn.jp/en/jp/JVN75700242/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
Nov 27, 2017