
Process Control (CWE ID 114) vulnerability in LibraryLoader.java

Open freemansoft opened this issue 4 years ago • 0 comments

This Defect was copied from Sourceforge. LibraryLoader dynamically loads its dll. https://github.com/freemansoft/jacob-project/blob/master/src/com/jacob/com/LibraryLoader.java

System.load(path);
System.loadLibrary(name);

This is by design. I'm not sure how we would fix it other than possibly finding a way of loading the dll directly from the JAR file.


Created: Mon Jan 29, 2018 07:11 AM UTC by Pavel Shelentsov
Last Updated: Mon Jan 29, 2018 07:11 AM UTC

Attachment: jacob_1.18.pdf (194.9 kB; application/pdf)

Hello, We use JACOB in our project, and after source analysis using the static Veracode analyzer we have found a vulnerability in JACOB's sources:

Process Control vulnerability (CWE 114). In short: An argument to a process control function is either derived from an untrusted source or is hard-coded, both of which may allow an attacker to execute malicious code under certain conditions.

There are two occurrences of this flaw:

/com/jacob/com/LibraryLoader.java line: 151
/com/jacob/com/LibraryLoader.java line: 184

You can see the detailed report in the attached file.

freemansoft, Sep 25 '20 04:09
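
One way to approach the idea raised in the issue of loading the DLL from the JAR, as an added example that is not JACOB's code: the bundled library is read from the classpath, checked against a pinned SHA-256 digest, written to a freshly created directory and loaded by absolute path. The class name, the resource location and the digest parameter are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper, not part of JACOB: load a native library bundled in the JAR. */
public final class VerifiedNativeLoader {
    private VerifiedNativeLoader() {}

    /**
     * @param resource       classpath location of the bundled DLL (assumed layout)
     * @param expectedSha256 hex digest of the DLL, pinned at build time (assumed input)
     */
    public static void load(String resource, String expectedSha256)
            throws IOException, NoSuchAlgorithmException {
        byte[] dll;
        try (InputStream in = VerifiedNativeLoader.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("bundled library not found: " + resource);
            }
            dll = in.readAllBytes(); // Java 9+
        }
        // Verify the bytes in memory, before anything is written to disk.
        String actual = toHex(MessageDigest.getInstance("SHA-256").digest(dll));
        if (!actual.equalsIgnoreCase(expectedSha256)) {
            throw new SecurityException("digest mismatch for " + resource);
        }
        // Fresh directory with a random name, so a pre-planted file cannot be picked up.
        Path dir = Files.createTempDirectory("nativelib-");
        Path target = dir.resolve("library.dll");
        Files.write(target, dll, StandardOpenOption.CREATE_NEW);
        // Absolute path only: System.loadLibrary(name) would search java.library.path.
        // Cleanup is omitted: a loaded DLL stays locked on Windows until the JVM exits.
        System.load(target.toAbsolutePath().toString());
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

The digest check covers the bytes read from the JAR; the window between writing the file and `System.load` still depends on the temporary directory being writable only by the current user.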