cnvd - cnvd-2017-29218

cnvd-2017-29218

Vulnerability from cnvd

Title

Installer of Shin Kikan Toukei Houkoku Data不可信搜索路径漏洞

Description

Shin Kinkyuji Houkoku Data Nyuryoku Program是日本Agency for Natural Resources and Energy of Ministry，Trade and Industry（METI）的一款石油行业基本统计报表数据输入程序。Installer是其中的一个安装程序。 Shin Kinkyuji Houkoku Data Nyuryoku Program中的安装程序存在不可信搜索路径漏洞。远程攻击者可借助目录下的恶意DLL利用该漏洞获取权限。

Severity

高

Patch Name

Installer of Shin Kikan Toukei Houkoku Data不可信搜索路径漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.enecho.meti.go.jp/statistics/petroleum_and_lpgas/oil_enterprise/001/

Reference

http://jvn.jp/en/jp/JVN73559859/

Impacted products

Name
Agency for Natural Resources and Energy of Ministry of Economy,Trade and Industry (METI) Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10821"
    }
  },
  "description": "Shin Kinkyuji Houkoku Data Nyuryoku Program\u662f\u65e5\u672cAgency for Natural Resources and Energy of Ministry\uff0cTrade and Industry\uff08METI\uff09\u7684\u4e00\u6b3e\u77f3\u6cb9\u884c\u4e1a\u57fa\u672c\u7edf\u8ba1\u62a5\u8868\u6570\u636e\u8f93\u5165\u7a0b\u5e8f\u3002Installer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nShin Kinkyuji Houkoku Data Nyuryoku Program\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u7684\u6076\u610fDLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.enecho.meti.go.jp/statistics/petroleum_and_lpgas/oil_enterprise/001/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-29218",
  "openTime": "2017-10-09",
  "patchDescription": "Shin Kinkyuji Houkoku Data Nyuryoku Program\u662f\u65e5\u672cAgency for Natural Resources and Energy of Ministry\uff0cTrade and Industry\uff08METI\uff09\u7684\u4e00\u6b3e\u77f3\u6cb9\u884c\u4e1a\u57fa\u672c\u7edf\u8ba1\u62a5\u8868\u6570\u636e\u8f93\u5165\u7a0b\u5e8f\u3002Installer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nShin Kinkyuji Houkoku Data Nyuryoku Program\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u7684\u6076\u610fDLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Installer of Shin Kikan Toukei Houkoku Data\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Agency for Natural Resources and Energy of Ministry of Economy,Trade and Industry (METI) Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN73559859/",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-18",
  "title": "Installer of Shin Kikan Toukei Houkoku Data\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

CVE-2017-10821 (GCVE-0-2017-10821)

Vulnerability from cvelistv5

Published

2017-08-18 13:00

Modified

2024-08-05 17:50

Severity ?

CWE

Untrusted search path vulnerability

Summary

Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References

URL

Tags

https://jvn.jp/en/jp/JVN73559859/index.html

third-party-advisory, x_refsource_JVN