CVE-2016-7818 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Japan Pension Service	Device Data Encryption Program	1.00
Japan Pension Service	Specification Check Program	9.00
Japan Pension Service	Todokesho Creation Program	15.00
Japan Pension Service	Todokesho Print Program	5.00

Related Weaknesses (CWE)

CWE-264

References

http://www.nenkin.go.jp/denshibenri/setsumei/0104.htmlPatchVendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20140630.htmlPatchVendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150105-03.htmlPatchVendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150415.html#cmscheckPatchVendor Advisory
http://www.securityfocus.com/bid/94616Third Party AdvisoryVDB Entry
https://jvn.jp/en/jp/JVN08868688/index.htmlThird Party AdvisoryVDB Entry
http://www.nenkin.go.jp/denshibenri/setsumei/0104.htmlPatchVendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20140630.htmlPatchVendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150105-03.htmlPatchVendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150415.html#cmscheckPatchVendor Advisory
http://www.securityfocus.com/bid/94616Third Party AdvisoryVDB Entry
https://jvn.jp/en/jp/JVN08868688/index.htmlThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-7818?

CVE-2016-7818 is a vulnerability with a CVSS score of 7.8 (HIGH). Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption progra...

How severe is CVE-2016-7818?

CVE-2016-7818 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-7818?

Check the references section above for vendor advisories and patch information. Affected products include: Japan Pension Service Device Data Encryption Program, Japan Pension Service Specification Check Program, Japan Pension Service Todokesho Creation Program, Japan Pension Service Todokesho Print Program.