CVE-2017-2176

Опубликовано: 09 июн. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Ссылки

http://jvn.jp/en/jp/JVN41185163/index.html
Third Party Advisory
VDB Entry
http://www.mod.go.jp/asdf/information/index.html
Third Party Advisory
http://www.securityfocus.com/bid/98823
Third Party Advisory
VDB Entry
http://jvn.jp/en/jp/JVN41185163/index.html
Third Party Advisory
VDB Entry
http://www.mod.go.jp/asdf/information/index.html
Third Party Advisory
http://www.securityfocus.com/bid/98823
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jasdf:screensavers:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00419

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-3cx6-v6rm-9gqv