Type Moon VN Security Vulnerability
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000174.html
https://www.reddit.com/r/fatestaynight/comments/3s52id/fate_vns_security_vulnerability_save_data_os/
Overview
Multiple games provided by TYPE-MOON contain an OS command injection vulnerability (CWE-78) due to an issue in loading save data.
KUSANO Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity
Base Metrics: 6.8 (Medium) [IPA Score]
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Affected Products
TYPE-MOON / Notes Co.,Ltd.
Fate/hollow ataraxia
Fate/stay night (CD, DVD)
Fate/stay night + hollow ataraxia set
Witch on the Holy Night
Impact
When specially crafted save data is loaded, an arbitrary OS command may be executed.
Solution
[Apply a Workaround]
The following workaround can mitigate the effects of this vulnerability.
* Do not load save data provided by an untrusted source.
Vendor Information
TYPE-MOON / Notes Co.,Ltd.
TYPE-MOON / Notes Co.,Ltd. : TYPE-MOON / Notes Co.,Ltd. website
CWE
OS Command Injection (CWE-78) [IPA Evaluation]
CVE
CVE-2015-5672
References
JVN : JVN#80144272
National Vulnerability Database (NVD) : CVE-2015-5672
Zhu Yang- Archon
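The advisory quoted above gives six CVSS base metrics and a score of 6.8 (Medium). The following is an added example, not part of the original post or the advisory, that parses those metric lines and recomputes the score with the CVSS v2 base equations; the function names and the NVD-style severity ranges are this example's own choices.

```python
# Added example: CVSS v2 base score from the advisory's metric lines.
# Weights and equations come from the CVSS v2 specification.
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
WEIGHTS = {
    "Access Vector": {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0},
    "Access Complexity": {"High": 0.35, "Medium": 0.61, "Low": 0.71},
    "Authentication": {"Multiple": 0.45, "Single": 0.56, "None": 0.704},
    "Confidentiality Impact": CIA,
    "Integrity Impact": CIA,
    "Availability Impact": CIA,
}

# The six metric lines exactly as the advisory lists them.
ADVISORY_METRICS = """\
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
"""

def parse_metrics(text):
    """Map each 'Name: Value' line to its numeric weight; reject gaps and unknown values."""
    found = {}
    for line in text.splitlines():
        name, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or name not in WEIGHTS:
            continue  # not a base-metric line
        if value not in WEIGHTS[name]:
            raise ValueError(f"unknown value {value!r} for {name}")
        found[name] = WEIGHTS[name][value]
    missing = sorted(set(WEIGHTS) - set(found))
    if missing:
        raise ValueError(f"missing metrics: {missing}")
    return found

def base_score(text):
    """Return (base, impact, exploitability), each rounded to one decimal."""
    m = parse_metrics(text)
    impact = 10.41 * (1 - (1 - m["Confidentiality Impact"])
                      * (1 - m["Integrity Impact"]) * (1 - m["Availability Impact"]))
    exploitability = 20 * m["Access Vector"] * m["Access Complexity"] * m["Authentication"]
    f_impact = 0.0 if impact == 0 else 1.176
    base = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return round(base, 1), round(impact, 1), round(exploitability, 1)

def severity(score):
    """NVD's CVSS v2 ranges: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    return "Low" if score < 4.0 else "Medium" if score < 7.0 else "High"
```

Calling `base_score(ADVISORY_METRICS)` reproduces the advisory's 6.8, with impact and exploitability subscores of 6.4 and 8.6.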