PT-2023-6857 · Elecom · Elecom Camera Assistant

Tomohisa Hasegawa

Published

2023-02-14

Updated

2025-03-19

CVE-2023-22368

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ELECOM Camera Assistant version 1.00 QuickFileDealer versions 1.2.1 and earlier

Description The issue is related to an untrusted search path vulnerability. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Recommendations For ELECOM Camera Assistant version 1.00, update to a version that fixes the untrusted search path vulnerability. For QuickFileDealer versions 1.2.1 and earlier, update to a version that fixes the untrusted search path vulnerability. As a temporary workaround, consider restricting access to directories where a Trojan horse DLL could be placed to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

BDU:2023-07869

CVE-2023-22368

Affected Products

Elecom Camera Assistant

PT-2023-6857 · Elecom · Elecom Camera Assistant

CVE-2023-22368

Weakness Enumeration

Related Identifiers

Affected Products

References · 8