Vulnerability Description
Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E-Tax.Nta | E-Tax | <= - |
Related Weaknesses (CWE)
References
- http://www.e-tax.nta.go.jp/topics/topics_290525.htmVendor Advisory
- https://jvn.jp/en/jp/JVN34508179/index.htmlThird Party AdvisoryVDB Entry
- https://www.keisan.nta.go.jp/oshirase/h28info/201705.htmlThird Party Advisory
- http://www.e-tax.nta.go.jp/topics/topics_290525.htmVendor Advisory
- https://jvn.jp/en/jp/JVN34508179/index.htmlThird Party AdvisoryVDB Entry
- https://www.keisan.nta.go.jp/oshirase/h28info/201705.htmlThird Party Advisory
FAQ
What is CVE-2017-2215?
CVE-2017-2215 is a vulnerability with a CVSS score of 7.8 (HIGH). Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to g...
How severe is CVE-2017-2215?
CVE-2017-2215 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2215?
Check the references section above for vendor advisories and patch information. Affected products include: E-Tax.Nta E-Tax.