Vulnerability Description
Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jpki | The Public Certification Service For Individuals | <= 2.6 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN39605485/index.htmlThird Party AdvisoryVDB Entry
- https://www.jpki.go.jp/download/win.html#dlPatchVendor Advisory
- http://jvn.jp/en/jp/JVN39605485/index.htmlThird Party AdvisoryVDB Entry
- https://www.jpki.go.jp/download/win.html#dlPatchVendor Advisory
FAQ
What is CVE-2017-2157?
CVE-2017-2157 is a vulnerability with a CVSS score of 7.3 (HIGH). Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification...
How severe is CVE-2017-2157?
CVE-2017-2157 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2157?
Check the references section above for vendor advisories and patch information. Affected products include: Jpki The Public Certification Service For Individuals.