Vulnerability Description
Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Santeikohyo | Installer Of Houkokusyo Sakusei Shien Tool | 2.0 |
Related Weaknesses (CWE)
References
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdfVendor Advisory
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdfVendor Advisory
- http://ghg-santeikohyo.env.go.jp/toolVendor Advisory
- https://jvn.jp/en/jp/JVN24087303/index.htmlPatchThird Party AdvisoryVDB Entry
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdfVendor Advisory
- http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdfVendor Advisory
- http://ghg-santeikohyo.env.go.jp/toolVendor Advisory
- https://jvn.jp/en/jp/JVN24087303/index.htmlPatchThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2209?
CVE-2017-2209 is a vulnerability with a CVSS score of 7.8 (HIGH). Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 Ma...
How severe is CVE-2017-2209?
CVE-2017-2209 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2209?
Check the references section above for vendor advisories and patch information. Affected products include: Santeikohyo Installer Of Houkokusyo Sakusei Shien Tool.