PT-2017-15258 · Unknown · Houkokusyo Sakusei Shien Tool

Blackwingcat

Published

2017-06-09

Updated

2019-10-03

CVE-2017-2209

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Houkokusyo Sakusei Shien Tool version 3.0.2 Houkokusyo Sakusei Shien Tool versions 2.0 and later

Description The issue is related to an untrusted search path vulnerability in the installer. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Recommendations For Houkokusyo Sakusei Shien Tool version 3.0.2, update to a version that is not affected by this issue. For Houkokusyo Sakusei Shien Tool versions 2.0 and later, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2017-2209

Affected Products

Houkokusyo Sakusei Shien Tool

PT-2017-15258 · Unknown · Houkokusyo Sakusei Shien Tool

CVE-2017-2209

Weakness Enumeration

Related Identifiers

Affected Products

References · 6