CVE-2015-5672

Published: Nov 6, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.

Affected (4)

Products: Typemoon: Fate/hollow Ataraxia, Fate/stay Night, Fate/stay Night + Hollow Ataraxia Set, Witch On The Holy Night

4 products

Fate/hollow Ataraxia

Fate/stay Night

Fate/stay Night + Hollow Ataraxia Set

Witch On The Holy Night

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Typemoon Fate/hollow Ataraxia	All versions
Typemoon Fate/stay Night	All versions
Typemoon Fate/stay Night + Hollow Ataraxia Set	All versions
Typemoon Witch On The Holy Night	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

http://jvn.jp/en/jp/JVN80144272/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000174

Source: vultures@jpcert.or.jp

Vendor Advisory

http://www.typemoon.com/support/vulnerability150902.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvn.jp/en/jp/JVN80144272/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000174

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.typemoon.com/support/vulnerability150902.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.