CVE-2012-1242

Name of the Vulnerable Software and Affected Versions JustSystems Ichitaro versions 2006 through 2011 JustSystems Ichitaro Government versions 2006 through 2010 JustSystems Ichitaro Portable with oreplug JustSystems Ichitaro Viewer JUST School JUST School versions 2009 and 2010 JUST Jump 4 JUST Frontier oreplug

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory due to an untrusted search path vulnerability.

Recommendations For JustSystems Ichitaro versions 2006 through 2011, consider restricting access to the current working directory to minimize the risk of exploitation. For JustSystems Ichitaro Government versions 2006 through 2010, avoid using the vulnerable software until a fix is available. For JustSystems Ichitaro Portable with oreplug, JustSystems Ichitaro Viewer, JUST School, JUST School versions 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug, at the moment, there is no information about a newer version that contains a fix for this vulnerability.