CVE-2016-7818

Опубликовано: 09 июн. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Ссылки

http://www.nenkin.go.jp/denshibenri/setsumei/0104.html
Patch
Vendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20140630.html
Patch
Vendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150105-03.html
Patch
Vendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150415.html#cmscheck
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94616
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN08868688/index.html
Third Party Advisory
VDB Entry
http://www.nenkin.go.jp/denshibenri/setsumei/0104.html
Patch
Vendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20140630.html
Patch
Vendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150105-03.html
Patch
Vendor Advisory
http://www.nenkin.go.jp/denshibenri/setsumei/20150415.html#cmscheck
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94616
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN08868688/index.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:japan_pension_service:device_data_encryption_program:1.00:*:*:*:*:*:*:*

cpe:2.3:a:japan_pension_service:specification_check_program:9.00:*:*:*:*:*:*:*

cpe:2.3:a:japan_pension_service:todokesho_creation_program:15.00:*:*:*:*:*:*:*

cpe:2.3:a:japan_pension_service:todokesho_print_program:5.00:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00223

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-6j3f-x2f3-whq9