cnvd-2017-14902
Vulnerability from cnvd
Title
Douro Kouji Kanseizutou Check Program不可信搜索路径漏洞
Description
Douro Kouji Kanseizutou Check Program是日本National Institute for Land and Infrastructure Management(国家土地和基础设施管理研究所)发布的一款道路建设竣工图纸检查程序。 Douro Kouji Kanseizutou Check Program 3.1及之前的版本中存在不可信搜索路径漏洞。远程攻击者可借助恶意的DLL利用该漏洞获取权限。
Severity
Formal description

厂商尚未提供漏洞修复方案,请关注厂商主页更新: http://www.nilim-cdrw.jp/

Reference
http://jvn.jp/en/jp/JVN82120115/index.html https://nvd.nist.gov/vuln/detail/CVE-2017-2230
Impacted products
Name
National Institute for Land and Infrastructure Management Douro Kouji Kanseizutou Check Program <=Ver3.1 (cdrw_checker_3.1.0.lzh)
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2230"
    }
  },
  "description": "Douro Kouji Kanseizutou Check Program\u662f\u65e5\u672cNational Institute for Land and Infrastructure Management\uff08\u56fd\u5bb6\u571f\u5730\u548c\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u7814\u7a76\u6240\uff09\u53d1\u5e03\u7684\u4e00\u6b3e\u9053\u8def\u5efa\u8bbe\u7ae3\u5de5\u56fe\u7eb8\u68c0\u67e5\u7a0b\u5e8f\u3002\r\n\r\nDouro Kouji Kanseizutou Check Program 3.1\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.nilim-cdrw.jp/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14902",
  "openTime": "2017-07-18",
  "products": {
    "product": "National Institute for Land and Infrastructure Management Douro Kouji Kanseizutou Check Program \u003c=Ver3.1 (cdrw_checker_3.1.0.lzh)"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN82120115/index.html\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2230",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-10",
  "title": "Douro Kouji Kanseizutou Check Program\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.