cnvd - cnvd-2018-04369

cnvd-2018-04369

Vulnerability from cnvd

Title

Flets Azukeru for Windows Auto Backup Tool不可信搜索路径漏洞

Description

Flets Azukeru for Windows Auto Backup Tool是日本NIPPON TELEGRAPH AND TELEPHONE WEST公司的一款基于Windows平台的Flets Azukeru自动备份工具。 Flets Azukeru for Windows Auto Backup Tool 1.0.3.0及之前的版本中存在不可信搜索路径漏洞。远程攻击者可借助目录下恶意的DLL利用该漏洞获取权限。

Severity

高

Patch Name

Flets Azukeru for Windows Auto Backup Tool不可信搜索路径漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://flets-w.com/topics/azukeru_vulnerability/

Reference

http://flets-w.com/topics/azukeru_vulnerability/ https://nvd.nist.gov/vuln/detail/CVE-2017-10827

Impacted products

Name
NIPPON TELEGRAPH AND TELEPHONE WEST Flets Azukeru for Windows Auto Backup Tool <=1.0.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10827",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10827"
    }
  },
  "description": "Flets Azukeru for Windows Auto Backup Tool\u662f\u65e5\u672cNIPPON TELEGRAPH AND TELEPHONE WEST\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684Flets Azukeru\u81ea\u52a8\u5907\u4efd\u5de5\u5177\u3002\r\n\r\nFlets Azukeru for Windows Auto Backup Tool 1.0.3.0\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://flets-w.com/topics/azukeru_vulnerability/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04369",
  "openTime": "2018-03-06",
  "patchDescription": "Flets Azukeru for Windows Auto Backup Tool\u662f\u65e5\u672cNIPPON TELEGRAPH AND TELEPHONE WEST\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684Flets Azukeru\u81ea\u52a8\u5907\u4efd\u5de5\u5177\u3002\r\n\r\nFlets Azukeru for Windows Auto Backup Tool 1.0.3.0\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Flets Azukeru for Windows Auto Backup Tool\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NIPPON TELEGRAPH AND TELEPHONE WEST Flets Azukeru for Windows Auto Backup Tool \u003c=1.0.3.0"
  },
  "referenceLink": "http://flets-w.com/topics/azukeru_vulnerability/\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10827",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-23",
  "title": "Flets Azukeru for Windows Auto Backup Tool\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

CVE-2017-10827 (GCVE-0-2017-10827)

Vulnerability from cvelistv5

Published

2017-08-28 20:00

Modified

2024-08-05 17:50

Severity ?

CWE

Untrusted search path vulnerability

Summary

Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References

URL

Tags

	https://jvn.jp/en/jp/JVN14658714/index.html	third-party-advisory, x_refsource_JVN
	http://flets-w.com/topics/azukeru_vulnerability/	x_refsource_MISC