Untrusted Search Path

CVE-2017-10823

High

7.8/10

Summary

Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-426 - Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

Advisory Timeline

Published Aug 18, 2017

Untrusted Search Path

CVE-2017-10823

Summary

CWE-426 - Untrusted Search Path

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS