|
[Japanese]
|
JVNDB-2018-000074
|
DLL planting vulnerability in multiple Yayoi 17 Series products
|
|
Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Yayoi Co., Ltd
- Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier
- Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier
- Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier
- Yayoi Kaikei 17 Series Ver.23.1.1 and earlier
- Yayoi Kyuuyo 17 Ver.20.1.4 and earlier
- Yayoi Hanbai 17 Series Ver.20.0.2 and earlier
|
|
|
Arbitrary code may be executed with the privilege of the running application.
|
|
[Update the Software]
Apply the appropriate update according to the information provided by the developer.
|
|
Yayoi Co., Ltd
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2018-0623
- CVE-2018-0624
|
|
- JVN : JVN#06813756
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2018-0623
- National Vulnerability Database (NVD) : CVE-2018-0624
|
|
- [2018/07/20]
Web page was published
- [2019/07/25]
References : Contents were added
|
