Description
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvn
https://jvn.jp/en/jp/JVN16136413/index.html
Scores
CVSS v3
7.8
EPSS
0.0108
EPSS Percentile
60.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (9)
sony/nfc_net_installer
< 1.1.0.0
sony/nfc_port_firmware
< 5.5.0.6
sony/pc\/sc_activator_for_type_b
< 1.2.1.0
sony/sfcard_viewer_2
2.5.0.0
Sony Corporation/NFC Net Installer
Ver.1.1.0.0 and earlier
Sony Corporation/NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)
Version 5.5.0.6 and earlier
Sony Corporation/NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)
Version 5.3.6.7 and earlier
Sony Corporation/PC/SC Activator for Type B
Ver.1.2.1.0 and earlier
Sony Corporation/SFCard Viewer 2
Ver.2.5.0.0 and earlier
Published
Aug 02, 2017
Tracked Since
Feb 18, 2026