Sony has recently identified a software vulnerability involving a buffer overflow in the network connection software installed on certain VAIO® personal computers. A security update for this issue has been released and we recommend that all customers who have an affected model immediately install the update.
The affected models include all VAIO personal computers that have one of the following programs preinstalled:
- VAIO PC Wireless LAN Wizard version 1.0
- VAIO Wireless Wizard version 1.00, 1.00_64, 1.0.1, 2.0, or 3.0
- SmartWi™ Connection Utility version 4.7, 4.7.4, 4.8, 4.9, 4.10, or 4.11
- VAIO Easy Connect software version 1.0.0 or 1.1.0
The vulnerability could potentially allow arbitrary code to run on the affected models when browsing a web-site made by a malicious attacker.
IMPORTANT: There have been no reported instances of this vulnerability being exploited as of January 5, 2012.
A security update has been released for the affected models that resolves this issue, and we recommend that all customers who have an affected model immediately install the latest version of the software by using the VAIO Update utility.
NOTE: If you are using the default VAIO Update utility settings, the update will be installed automatically.
The update is also available online.
Look for one of the following downloads under the Wireless category:
- VAIO Easy Connect Update (SOAOTH-00264236-1040.EXE - 20.06 MB)
- Wireless Component Update (SOAOTH-00263500-1040.EXE - 3.68 MB)
If neither of these downloads are listed, then your computer is not affected by the issue.
Sony would like to thank High-Tech Bridge SA for reporting this issue and working with us to help protect our customers.