SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Generic)  >  VAIO Personal Computer Software Vendors:  Sony
Sony VAIO Personal Computers May Allow Remote Users to Access to Computer and Take Full Control of the System
Date:  Jan 27 2002
Impact:  Execution of arbitrary code via network, Root access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Description:  Sony issued a security notice warning of a vulnerability in software pre-installed on certain VAIO Personal Computers. A remote user could access the system and take full control of the system.

A remote user can apparently inject 'hidden programs' in a web page or HTML-based e-mail message so that the code will be executed when the recipient views the web page or e-mail message.

A remote user could reportedly add, change or delete data without the owner being aware.

According to Sony, the following systems are affected:

Outside Japan
VAIO Personal Computers with the software "VAIO Manual" re-installed and sold from November 2001 in the following areas or countries:

- East Asia (excluding Mainland China)
- Southeast Asia
- Oceania
- United Arab Emirates
- Saudi Arabia
- South Africa

NOTE: VAIO Personal Computers sold in other areas (North America, Central & South America, Europe and Mainland China) are not affected.

Japan
VAIO Personal Computers with the software "VAIO Manual CyberSupport for VAIO" Version 3.0 and Version 3.1 pre-installed and sold from May 2001.
Impact:  A remote user could access the system and take full control of the system, adding, changin, or deleting data without the owner being aware.
Solution:  Sony recommends that affected owners download and install the new software program immediately.

For Customers who purchased VAIO outside Japan:
http://www.css.ap.sony.com/Vaiofaq/security/agreementen.html

For Customers who purchased VAIO in Japan: http://vcl.vaio.sony.co.jp/
Vendor URL:  vaio-online.sony.com/announcement/ (Links to External Site)
Cause:  Not specified
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Sun, 27 Jan 2002 14:09:21 -0500
Subject:  Sony VAIO Personal Computer

 

http://vaio-online.sony.com/announcement/

Important Security Notice to Sony VAIO Personal Computer Owners

Sony has recently identified a security issue in one of Sony's VAIO
software pre-installed in VAIO Personal Computers sold from November
2001 in (Name of the Country/Area) and some other countries (from May
2001 in Japan). By exploiting particular software characteristics of
these computers, a sufficiently skilled person may be able to obtain
unauthorised access to a computer via the Internet. This could enable
that person to add, change or delete data without the owner being aware
of this (For a more detailed technical explanation, please click here:
http://vaio-online.sony.com/announcement/technical_explain.html). This
issue is also present in the recovery CDs of the affected VAIO Personal
Computers (Please check the list of the "Affected VAIO Personal
Computers": http://vaio-online.sony.com/announcement/model_list.html). 

In order for an unauthorised person to successfully obtain access in
this way, a high level of technical knowledge and skills would be
required. As of today (January 24th, 2002), there have been no reports
from VAIO owners of any such violations. 

Outside Japan
VAIO Personal Computers with the software "VAIO Manual" re-installed and
sold from November 2001 in the following areas or countries:

  - East Asia (excluding Mainland China)
  - Southeast Asia
  - Oceania
  - United Arab Emirates
  - Saudi Arabia
  - South Africa

NOTE: VAIO Personal Computers sold in other areas (North America,
Central & South America, Europe and Mainland China) are not affected.

Japan
VAIO Personal Computers with the software "VAIO Manual CyberSupport for
VAIO" Version 3.0 and Version 3.1 pre-installed and sold from May 2001. 

NOTE: Customers who purchased an affected VAIO Personal Computer in
Japan are requested to refer to the announcement on the Sony websites in
Japan. 

Immediate Action Required

In order to address this issue, Sony has prepared a new program called
the "VAIO Security Enhancement Program" and recommends that owners
download and install the new software program immediately. 

For Customers who purchased VAIO outside Japan: 
http://www.css.ap.sony.com/Vaiofaq/security/agreementen.html

For Customers who purchased VAIO in Japan: http://vcl.vaio.sony.co.jp/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC