PT-2017-15258 · Unknown · Houkokusyo Sakusei Shien Tool

Blackwingcat

Publicado

2017-06-09

Atualizado

2019-10-03

CVE-2017-2209

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Houkokusyo Sakusei Shien Tool version 3.0.2 Houkokusyo Sakusei Shien Tool versions 2.0 and later

Description The issue is related to an untrusted search path vulnerability in the installer. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Recommendations For Houkokusyo Sakusei Shien Tool version 3.0.2, update to a version that is not affected by this issue. For Houkokusyo Sakusei Shien Tool versions 2.0 and later, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

CVE-2017-2209

Produtos afetados

Houkokusyo Sakusei Shien Tool

PT-2017-15258 · Unknown · Houkokusyo Sakusei Shien Tool

CVE-2017-2209

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6