Tera Term installer has vulnerability of DLL loading without intent

Last Update: June 1, 2017

Overview

The installer of Tera Term 4.94 or earlier has vulnerability of DLL loading without intent.
When this vulnerability is used for bad ends, a malicious third person will execute any code on installer startup.

This vulnerability only affects on installer startup, so Tera Term already installed does not have the problem.
Newly, please use below method when Tera Term is installed.

Affected version

The installer of Tera Term 4.94 or earlier.
The zip archive can not be affected.

Impact

Any DLL file may be loaded without intent on installer startup.
The DLL file that a malicious third person stores into the installer directory will be loaded,
and then any code will be executed.

Tera Term already installed does not have the problem because this vulnerability only affects on installer startup.

Solution

Please use the latest installer when installing or upgrading the Tera Term.

Workaround

Please use below method to install an older version.

References

Acknowledgment

Thank you for Eiri Masami of Tachibana General Laboratories, IPA and JPCERT/CC relationship.

History

Contact

Email: ttssh2-nospam-security@lists.osdn.me