CVE-2018-0624 (GCVE-0-2018-0624)

Vulnerability from cvelistv5 – Published: 2018-09-07 14:00 – Updated: 2024-08-05 03:28
Summary
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.
Severity
No CVSS data available.
CWE
  • Untrusted search path vulnerability
Assigner
References
http://jvn.jp/en/jp/JVN06813756/index.html (third-party-advisory, x_refsource_JVN)
Impacted products
Vendor: Yayoi Co., Ltd.
Product: Multiple Yayoi 17 Series products
Version: Affected: (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#06813756",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN06813756/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple Yayoi 17 Series products",
          "vendor": "Yayoi Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)"
            }
          ]
        }
      ],
      "datePublic": "2018-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-07T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#06813756",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN06813756/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple Yayoi 17 Series products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Yayoi Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#06813756",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN06813756/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0624",
    "datePublished": "2018-09-07T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yayoi-kk:aoiro_shinkoku:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"23.1.1\", \"matchCriteriaId\": \"DC9BFB2D-66C9-4C25-90E6-E1DAE1834D7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yayoi-kk:hanbai:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20.0.2\", \"matchCriteriaId\": \"1F879E6B-1C1A-4A19-A73C-7CCE422DBDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yayoi-kk:kaikei:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"23.1.1\", \"matchCriteriaId\": \"EE58A245-C499-45EC-B155-C79868CAB652\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yayoi-kk:kokyaku_kanri:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.0.2\", \"matchCriteriaId\": \"C5320727-E4F1-4736-9F6F-54D01B1225C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yayoi-kk:kyuuyo:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20.1.4\", \"matchCriteriaId\": \"30A74833-B37A-42C2-81D7-DAE84DA13003\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yayoi-kk:kyuuyo_keisan:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20.1.4\", \"matchCriteriaId\": \"B9EBE469-879C-41EC-8040-4B076330B6AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda no fiable en m\\u00faltiples productos Yayoi 17 Series (Yayoi Kaikei 17 Series Ver.23.1.1 y anteriores, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 y anteriores, Yayoi Kyuuyo 17 Ver.20.1.4 y anteriores, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 y anteriores, Yayoi Hanbai 17 Series Ver.20.0.2 y anteriores y Yayoi Kokyaku Kanri 17 Ver.11.0.2 y anteriores) permite que un atacante obtenga privilegios mediante un DLL troyano en un directorio sin especificar. Este error existe en el manejo de ykkapi.dll cargado por los productos vulnerables.\"}]",
      "id": "CVE-2018-0624",
      "lastModified": "2024-11-21T03:38:36.680",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-09-07T14:29:00.490",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN06813756/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN06813756/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0624\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2018-09-07T14:29:00.490\",\"lastModified\":\"2024-11-21T03:38:36.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no fiable en m\u00faltiples productos Yayoi 17 Series (Yayoi Kaikei 17 Series Ver.23.1.1 y anteriores, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 y anteriores, Yayoi Kyuuyo 17 Ver.20.1.4 y anteriores, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 y anteriores, Yayoi Hanbai 17 Series Ver.20.0.2 y anteriores y Yayoi Kokyaku Kanri 17 Ver.11.0.2 y anteriores) permite que un atacante obtenga privilegios mediante un DLL troyano en un directorio sin especificar. Este error existe en el manejo de ykkapi.dll cargado por los productos vulnerables.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yayoi-kk:aoiro_shinkoku:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"23.1.1\",\"matchCriteriaId\":\"DC9BFB2D-66C9-4C25-90E6-E1DAE1834D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yayoi-kk:hanbai:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20.0.2\",\"matchCriteriaId\":\"1F879E6B-1C1A-4A19-A73C-7CCE422DBDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yayoi-kk:kaikei:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"23.1.1\",\"matchCriteriaId\":\"EE58A245-C499-45EC-B155-C79868CAB652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yayoi-kk:kokyaku_kanri:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.0.2\",\"matchCriteriaId\":\"C5320727-E4F1-4736-9F6F-54D01B1225C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yayoi-kk:kyuuyo:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20.1.4\",\"matchCriteriaId\":\"30A74833-B37A-42C2-81D7-DAE84DA13003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yayoi-kk:kyuuyo_keisan:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20.1.4\",\"matchCriteriaId\":\"B9EBE469-879C-41EC-8040-4B076330B6AC\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN06813756/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://jvn.jp/en/jp/JVN06813756/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

