Dear Valued Sony Customer,
Sony has recently identified a software vulnerability involving a buffer overflow in the network connection software installed on certain VAIO personal computers. A security update for this issue has been released and Sony recommends that all customers who have Affected Models immediately install the update.
VAIO personal computers that have one of the following programs preinstalled.
- VAIO PC Wireless LAN Wizard version 1.0
- VAIO Wireless Wizard version 1.00, 1.00_64, 1.0.1, 2.0, or 3.0
- SmartWi Connection Utility version 4.7, 4.7.4, 4.8, 4.9, 4.10, or 4.11
- VAIO Easy Connect software version 1.0.0 or 1.1.0
The vulnerability could potentially allow arbitrary code to run on the Affected Models when browsing a web-site made by a malicious attacker.
Note: There have been no reported instances of this vulnerability being exploited as of January 5, 2012.
Sony has released a security update for the Affected Models that resolves this issue. Sony recommends that all customers who have Affected Models immediately install the latest version of the software by using VAIO Update.
Note: If you are using the default VAIO Update settings the update will be installed automatically.
The update program is also available for download from the Drivers & Software page of affected models. Look for one of the following downloads under Wireless:
- VAIO Easy Connect Update (EP0000600406.exe)
- Wireless Component Update (EP0000600399.exe)
Note: If neither of these downloads are listed then your computer is not affected by this issue.
Sony would like to thank High-Tech Bridge SA Security Research Lab for reporting this issue and working with Sony to help protect our customers.