Skip to main content

Untrusted Search Path

CVE-2017-10821

Severity High
Score 7.8/10

Summary

Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-426 - Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

Advisory Timeline

  • Published