漏洞关键信息 漏洞编号: JVN#02037158 漏洞名称: AttachéCase vulnerable to arbitrary script execution 受影响产品: - AttachéCase ver.2.8.4.0 and earlier - CVE-2018-0674 - AttachéCase ver.3.3.0.0 and earlier - CVE-2018-0675 漏洞描述: - AttachéCase is an open source file encryption software provided by HiBARA Software. - If a setting file is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. 影响: - A remote unauthenticated attacker may execute an arbitrary script. 解决方案: - Update the software to the latest version according to the information provided by the developer. 厂商状态: - Vendor: HiBARA Software - Status: Vulnerable - Last Update: 2018/08/31 - Vendor Notes: HiBARA Software website 漏洞分析 (CVSS): - CVSS v3: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, Base Score: 7.8 - CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P, Base Score: 6.8 报告者: - Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. - JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.