PT-2017-15329 · Microsoft · Qua Station Connection Tool
Eili Masami
·
Published
2017-08-18
·
Updated
2017-08-22
·
CVE-2017-2289
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Qua station connection tool for Windows version 1.00.03
Description
The issue concerns an untrusted search path vulnerability in the Installer of the Qua station connection tool. This vulnerability allows an attacker to gain privileges by using a Trojan horse DLL in an unspecified directory.
Recommendations
For version 1.00.03, consider restricting access to the Installer to minimize the risk of exploitation until a patch is available.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qua Station Connection Tool