Vulnerability identifier: #VU63756
Vulnerability risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-791
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
RevoWorks Browser (Client/Desktop applications / Web browsers)
RevoWorks SCVX (Web applications / Other software)
RevoWorks Desktop (Web applications / Other software)
Vendor: J’s Communication Co
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the sanitization process in the File Sanitization Library does not completely filter malicious elements. A remote attacker can trick a victim into downloading a specially crafted file and execute malicious macros.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
RevoWorks Browser: 2.2.67
RevoWorks SCVX: 1.043
RevoWorks Desktop: 2.1.84
External links
http://jvn.jp/en/jp/JVN27256219/index.html
http://jscom.jp/news-20220527/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.