Multiple vulnerabilities in SKYSEA Client View
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-21805 CVE-2024-24964 |
| CWE-ID | CWE-427 CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SKYSEA Client View Client/Desktop applications / Other client software |
| Vendor | Sky Co., LTD. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Insecure DLL loading
EUVDB-ID: #VU87199
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21805
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file and execute arbitrary code on victim's system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSKYSEA Client View: 16.100
External linkshttp://jvn.jp/en/jp/JVN54451757/index.html
http://www.skyseaclientview.net/news/240307_01/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU87203
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24964
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the resident process. A local user can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSKYSEA Client View: 11.220
External linkshttp://jvn.jp/en/jp/JVN54451757/index.html
http://www.skyseaclientview.net/news/240307_01/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
