Search

Find a vulnerability

Search criteria

    11 vulnerabilities by Sony Video & Sound Products Inc.

    CVE-2018-0690 (GCVE-0-2018-0690)

    Vulnerability from nvd – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
    Severity
    No CVSS data available.
    CWE
    • Code injection
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN36623716/index.html third-party-advisoryx_refsource_JVN
    https://musiccenter.sony.net/en/downloads/update.php x_refsource_MISC
    Impacted products
    Vendor Product Version
    Sony Video & Sound Products Inc. Music Center for PC Affected: version 1.0.02 and earlier
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#36623716",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN36623716/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://musiccenter.sony.net/en/downloads/update.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Center for PC",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.0.02 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-15T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#36623716",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN36623716/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://musiccenter.sony.net/en/downloads/update.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0690",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Center for PC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1.0.02 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#36623716",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN36623716/index.html"
                },
                {
                  "name": "https://musiccenter.sony.net/en/downloads/update.php",
                  "refsource": "MISC",
                  "url": "https://musiccenter.sony.net/en/downloads/update.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0690",
        "datePublished": "2018-11-15T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10909 (GCVE-0-2017-10909)

    Vulnerability from nvd – Published: 2017-12-22 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN60695371/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Sony Video & Sound Products Inc. Music Center for PC Affected: version 1.0.01 and earlier
    Create a notification for this product.
    Date Public
    2017-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#60695371",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN60695371/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Center for PC",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.0.01 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-22T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#60695371",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN60695371/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Center for PC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1.0.01 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#60695371",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN60695371/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10909",
        "datePublished": "2017-12-22T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10892 (GCVE-0-2017-10892)

    Vulnerability from nvd – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN08517069/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Date Public
    2017-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#08517069",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Center for PC",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.0.00"
                }
              ]
            }
          ],
          "datePublic": "2017-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-01T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#08517069",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Center for PC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1.0.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#08517069",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10892",
        "datePublished": "2017-12-01T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10891 (GCVE-0-2017-10891)

    Vulnerability from nvd – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN08517069/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Sony Video & Sound Products Inc. Media Go Affected: version 3.2.0.191 and earlier
    Create a notification for this product.
    Date Public
    2017-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#08517069",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Media Go",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 3.2.0.191 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-01T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#08517069",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Media Go",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 3.2.0.191 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#08517069",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10891",
        "datePublished": "2017-12-01T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0690 (GCVE-0-2018-0690)

    Vulnerability from cvelistv5 – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
    Severity
    No CVSS data available.
    CWE
    • Code injection
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN36623716/index.html third-party-advisoryx_refsource_JVN
    https://musiccenter.sony.net/en/downloads/update.php x_refsource_MISC
    Impacted products
    Vendor Product Version
    Sony Video & Sound Products Inc. Music Center for PC Affected: version 1.0.02 and earlier
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#36623716",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN36623716/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://musiccenter.sony.net/en/downloads/update.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Center for PC",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.0.02 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-15T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#36623716",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN36623716/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://musiccenter.sony.net/en/downloads/update.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0690",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Center for PC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1.0.02 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#36623716",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN36623716/index.html"
                },
                {
                  "name": "https://musiccenter.sony.net/en/downloads/update.php",
                  "refsource": "MISC",
                  "url": "https://musiccenter.sony.net/en/downloads/update.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0690",
        "datePublished": "2018-11-15T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10909 (GCVE-0-2017-10909)

    Vulnerability from cvelistv5 – Published: 2017-12-22 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN60695371/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Sony Video & Sound Products Inc. Music Center for PC Affected: version 1.0.01 and earlier
    Create a notification for this product.
    Date Public
    2017-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#60695371",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN60695371/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Center for PC",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.0.01 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-22T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#60695371",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN60695371/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Center for PC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1.0.01 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#60695371",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN60695371/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10909",
        "datePublished": "2017-12-22T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10892 (GCVE-0-2017-10892)

    Vulnerability from cvelistv5 – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN08517069/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Date Public
    2017-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#08517069",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Music Center for PC",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.0.00"
                }
              ]
            }
          ],
          "datePublic": "2017-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-01T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#08517069",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Music Center for PC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1.0.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#08517069",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10892",
        "datePublished": "2017-12-01T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10891 (GCVE-0-2017-10891)

    Vulnerability from cvelistv5 – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN08517069/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Sony Video & Sound Products Inc. Media Go Affected: version 3.2.0.191 and earlier
    Create a notification for this product.
    Date Public
    2017-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#08517069",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Media Go",
              "vendor": "Sony Video \u0026 Sound Products Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 3.2.0.191 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-01T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#08517069",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Media Go",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 3.2.0.191 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Video \u0026 Sound Products Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#08517069",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN08517069/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10891",
        "datePublished": "2017-12-01T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2018-000103

    Vulnerability from jvndb - Published: 2018-10-09 16:22 - Updated:2019-07-26 15:57
    Severity
    Summary
    Music Center for PC improperly verifies software update files
    Details
    Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000103.html",
      "dc:date": "2019-07-26T15:57+09:00",
      "dcterms:issued": "2018-10-09T16:22+09:00",
      "dcterms:modified": "2019-07-26T15:57+09:00",
      "description": "Music Center for PC provided by Sony Video \u0026 Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed.\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000103.html",
      "sec:cpe": {
        "#text": "cpe:/a:sony:music_center",
        "@product": "Music Center",
        "@vendor": "Sony Video \u0026 Sound Products Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000103",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN36623716/",
          "@id": "JVN#36623716",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0690",
          "@id": "CVE-2018-0690",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0690",
          "@id": "CVE-2018-0690",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Music Center for PC improperly verifies software update files"
    }

    JVNDB-2017-000250

    Vulnerability from jvndb - Published: 2017-12-22 15:50 - Updated:2018-04-04 13:53
    Severity
    Summary
    The installer of Music Center for PC may insecurely load Dynamic Link Libraries
    Details
    Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Note that this vulnerability is different from JVN#08517069. DigiGnome(@biz4g) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html",
      "dc:date": "2018-04-04T13:53+09:00",
      "dcterms:issued": "2017-12-22T15:50+09:00",
      "dcterms:modified": "2018-04-04T13:53+09:00",
      "description": "Music Center for PC provided by Sony Video \u0026 Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nNote that this vulnerability is different from JVN#08517069.\r\n\r\nDigiGnome(@biz4g) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html",
      "sec:cpe": {
        "#text": "cpe:/a:sony:music_center",
        "@product": "Music Center",
        "@vendor": "Sony Video \u0026 Sound Products Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000250",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN60695371/index.html",
          "@id": "JVN#60695371",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10909",
          "@id": "CVE-2017-10909",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10909",
          "@id": "CVE-2017-10909",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of Music Center for PC may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000239

    Vulnerability from jvndb - Published: 2017-11-21 15:40 - Updated:2018-03-14 14:25
    Severity
    Summary
    The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
    Details
    Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. and Shun Suzaki reported CVE-2017-10891 vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html",
      "dc:date": "2018-03-14T14:25+09:00",
      "dcterms:issued": "2017-11-21T15:40+09:00",
      "dcterms:modified": "2018-03-14T14:25+09:00",
      "description": "Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. and Shun Suzaki reported CVE-2017-10891 vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:sony:media-go",
          "@product": "Media Go",
          "@vendor": "Sony Video \u0026 Sound Products Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sony:music_center",
          "@product": "Music Center",
          "@vendor": "Sony Video \u0026 Sound Products Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000239",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN08517069/index.html",
          "@id": "JVN#08517069",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10891",
          "@id": "CVE-2017-10891",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10892",
          "@id": "CVE-2017-10892",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10891",
          "@id": "CVE-2017-10891",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10892",
          "@id": "CVE-2017-10892",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries"
    }