CVE-2017-2209
Description
Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| santeikohyo | installer_of_houkokusyo_sakusei_shien_tool | 2.0 | |
| santeikohyo | installer_of_houkokusyo_sakusei_shien_tool | 3.02 | |
| santeikohyo | installer_of_houkokusyo_sakusei_shien_tool | 3.03 | |
References
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdf
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdf
- http://ghg-santeikohyo.env.go.jp/tool
- https://jvn.jp/en/jp/JVN24087303/index.html
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdf
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdf
- http://ghg-santeikohyo.env.go.jp/tool
- https://jvn.jp/en/jp/JVN24087303/index.html
CWEs
CWE-426
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.