[Japanese] | |
JVNDB-2017-000122 | |
The installer of PatchJGD(Hyoko) provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries | |
Overview | |
The installer of PatchJGD(Hyoko) (PatchJGDh101.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
| |
Affected Products | |
| |
Geospatial Information Authority of Japan | |
| |
Impact | |
Arbitrary code may be executed with the privilege of the user invoking the installers. | |
Solution | |
[Do not use the installers] | |
Vendor Information | |
Geospatial Information Authority of Japan | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2017/06/08 |
Date First Published | 2017/06/08 |
Date Last Updated | 2018/01/24 |