CVE-2016-4902

Name of the Vulnerable Software and Affected Versions The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" versions 3.0.1 and earlier The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" versions 3.0.1 and earlier The Public Certification Service for Individuals "The JPKI user's software" versions 2.6 and earlier

Description The issue allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. This is due to an untrusted search path vulnerability.

Recommendations For The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" versions 3.0.1 and earlier, update to a version later than 3.0.1. For The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" versions 3.0.1 and earlier, update to a version later than 3.0.1. For The Public Certification Service for Individuals "The JPKI user's software" versions 2.6 and earlier, update to a version later than 2.6. As a temporary workaround, consider restricting access to directories that may contain Trojan horse DLLs until a patch is available.