Summary

There was a DLL hijacking vulnerability in all Astah installers for Windows OSes.
This DLL hijacking vulnerability could allow an unauthenticated remote attacker to run a specific DLL in the background when you execute the Astah installer, if a malicious DLL is in the same folder as the Astah installer.

Mac and Linux packages are not affected by this, only EXE installers. Also, this problem does not affect you if you have already installed Astah.

We rebuilt all the Astah installers to resolve this DLL hijacking vulnerability on December 5th, 2019.
Customers who keep Astah installers for redistribution or future re-installation should read the solutions below.



Affected Products

Astah installers for Windows (.exe files), except Astah version 8.2.



Solutions

  • v.8.2:
    There is no DLL hijacking vulnerability, so you do not have to do anything.

  • v.8.1, 8.0, and 7.2:
    Discard the Astah installer if you have it and download it again from the download page.
    On the download page, the replaced installers have the same release date and build number, but they have been rebuilt to resolve this problem.

  • v.7.1 and earlier:
    Since these versions are out of support, we do not provide updated installers with a fix to this problem.
    Before executing the Astah installer, please make sure that the folder where the installer is located contains no DLL file that you are not aware of.



  • v.1.5:
    Discard the Astah installer if you have it and download it again from the download page.
    On the download page, the replaced installers have the same release date and build number, but they have been rebuilt to resolve this problem.

  • v.1.4 or earlier:
    Since these versions are out of support, we do not provide updated installers with a fix to this problem.
    Before executing the Astah installer, please make sure that the folder where the installer is located contains no DLL file that you are not aware of.


  • v.1.2:
    Discard the Astah installer if you have it and download it again from the download page.
    On the download page, the replaced installers have the same release date and build number, but they have been rebuilt to resolve this problem.

  • v.1.1 or earlier:
    Since these versions are out of support, we do not provide updated installers with a fix to this problem.
    Before executing the Astah installer, please make sure that the folder where the installer is located contains no DLL file that you are not aware of.
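
For the out-of-support versions above, the folder check can be scripted. The following PowerShell script is an added example, not part of the original advisory or of Astah's tooling; the installer path is supplied by the caller, and the script only reports what it finds next to the installer.

```powershell
# Added example: pre-flight check of the folder that holds an installer.
# Usage (path is a placeholder): .\Check-InstallerFolder.ps1 -InstallerPath C:\path\to\installer.exe
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath
)

$installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
$folder    = $installer.DirectoryName

# -Force includes hidden and system files, which a planted DLL may be marked as.
# The Where-Object step drops near matches that -Filter can return (for example .dllx).
$dlls = @(Get-ChildItem -LiteralPath $folder -Filter '*.dll' -File -Force |
          Where-Object { $_.Extension -ieq '.dll' })

if ($dlls.Count -eq 0) {
    Write-Output "No DLL files found next to $($installer.Name) in $folder."
    exit 0
}

# Collect what an operator needs to decide whether each DLL is expected there.
$report = foreach ($dll in $dlls) {
    $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
    [pscustomobject]@{
        Name      = $dll.Name
        Hidden    = [bool]($dll.Attributes -band [IO.FileAttributes]::Hidden)
        Created   = $dll.CreationTime
        Modified  = $dll.LastWriteTime
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
    }
}

$report | Format-List | Out-Host
Write-Warning "$($dlls.Count) DLL file(s) share a folder with $($installer.Name). Review them before running the installer."
exit 1
```

A non-zero exit code means at least one DLL is present in the installer's folder; a valid signature on such a file does not by itself mean the file belongs there.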



Reference Information

https://www.kb.cert.org/vuls/id/707943/



Version History



Contact Us

If this information is not clear to you or if you have any questions, please feel free to contact us.