CVE-2017-2209
Published Jun 9, 2017
Last updated 5 years ago
Overview
- Description
- Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-426
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:santeikohyo:installer_of_houkokusyo_sakusei_shien_tool:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5CFB799-4869-4EE5-975B-783E16A959EE"
},
{
"criteria": "cpe:2.3:a:santeikohyo:installer_of_houkokusyo_sakusei_shien_tool:3.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C5F17E3-DA72-46B5-9354-2CF9174651E8"
},
{
"criteria": "cpe:2.3:a:santeikohyo:installer_of_houkokusyo_sakusei_shien_tool:3.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "405F79B7-09CF-4D2B-AD86-56C535EBF51B"
}
],
"operator": "OR"
}
]
}
]