cnvd - cnvd-2017-29450

cnvd-2017-29450

Vulnerability from cnvd

Title

TDB CA TypeA use software不可信搜索路径漏洞

Description

TDB CA TypeA use software是日本Teikoku Databak（TDB）公司的一套TypeA IC卡管理系统。 TDB CA TypeA use software 5.2及之前的版本中存在不可信搜索路径漏洞。攻击者可借助目录下恶意的DLL利用该漏洞获取权限。

Severity

高

Patch Name

TDB CA TypeA use software不可信搜索路径漏洞的补丁

Patch Description

TDB CA TypeA use software是日本Teikoku Databak（TDB）公司的一套TypeA IC卡管理系统。 TDB CA TypeA use software 5.2及之前的版本中存在不可信搜索路径漏洞。攻击者可借助目录下恶意的DLL利用该漏洞获取权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.tdb.co.jp/typeA/

Reference

https://jvn.jp/en/jp/JVN18641169/index.html

Impacted products

Name
Teikoku Databak TDB CA TypeA use software <=5.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10824"
    }
  },
  "description": "TDB CA TypeA use software\u662f\u65e5\u672cTeikoku Databak\uff08TDB\uff09\u516c\u53f8\u7684\u4e00\u5957TypeA IC\u5361\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nTDB CA TypeA use software 5.2\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.tdb.co.jp/typeA/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-29450",
  "openTime": "2017-10-10",
  "patchDescription": "TDB CA TypeA use software\u662f\u65e5\u672cTeikoku Databak\uff08TDB\uff09\u516c\u53f8\u7684\u4e00\u5957TypeA IC\u5361\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nTDB CA TypeA use software 5.2\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TDB CA TypeA use software\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Teikoku Databak TDB CA TypeA use software \u003c=5.2"
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN18641169/index.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-25",
  "title": "TDB CA TypeA use software\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

CVE-2017-10824 (GCVE-0-2017-10824)

Vulnerability from cvelistv5

Published

2017-08-18 13:00

Modified

2024-08-05 17:50

Severity ?

CWE

Untrusted search path vulnerability

Summary

Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References

URL

Tags

https://jvn.jp/en/jp/JVN18641169/index.html

third-party-advisory, x_refsource_JVN