PT-2017-15218 · Just+2 · Just Frontier+9
Published
2017-04-28
·
Updated
2017-05-12
·
CVE-2017-2154
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hanako versions 2015 through 2017
Hanako Pro version 3
JUST Office versions 3 [Standard] through 3 [Eco Print Package]
JUST Office 3 & Tri-De DataProtect Package
JUST Government version 3
JUST Jump Class version 2
JUST Frontier version 3
JUST School version 6 Premium
Hanako Police version 5
JUST Police version 3
Hanako 2017 trial version
Description
The issue allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory due to an untrusted search path vulnerability.
Recommendations
For Hanako versions 2015 through 2017, Hanako Pro version 3, JUST Office versions 3 [Standard] through 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government version 3, JUST Jump Class version 2, JUST Frontier version 3, JUST School version 6 Premium, Hanako Police version 5, JUST Police version 3, and Hanako 2017 trial version: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hanako
Hanako Police
Hanako Pro
Just Frontier
Just Government
Just Jump Class
Just Office
Just Police
Just School
Tri-De Dataprotect Package