Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for K2Editor by K2 Software

jvndb-2010-000041

Vulnerability from jvndb

Published

2010-10-20 17:41

Modified

2010-10-20 17:41

Severity ?

() - -

Summary

K2Editor may insecurely load executable files

Details

K2Editor may use unsafe methods for determining how to load executables (.exe). K2Editor is a text editor. K2Editor loads certain executables (.exe) when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN36921800/index.html
	JVNTR	https://jvn.jp/en/tr/JVNTR-2010-23/
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3156
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3156
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA10-238A.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

K2 Software

K2Editor

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000041.html",
  "dc:date": "2010-10-20T17:41+09:00",
  "dcterms:issued": "2010-10-20T17:41+09:00",
  "dcterms:modified": "2010-10-20T17:41+09:00",
  "description": "K2Editor may use unsafe methods for determining how to load executables (.exe).\r\n\r\nK2Editor is a text editor. K2Editor loads certain executables (.exe) when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000041.html",
  "sec:cpe": {
    "#text": "cpe:/a:k2top:k2editor",
    "@product": "K2Editor",
    "@vendor": "K2 Software",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-000041",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN36921800/index.html",
      "@id": "JVN#36921800",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/JVNTR-2010-23/",
      "@id": "JVNTR-2010-23",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3156",
      "@id": "CVE-2010-3156",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3156",
      "@id": "CVE-2010-3156",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
      "@id": "TA10-238A",
      "@source": "CERT-TA"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "K2Editor may insecurely load executable files"
}