Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-10825

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-02 Nov, 2017 | 15:00
Updated At-05 Aug, 2024 | 17:50
Rejected At-
Credits

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:02 Nov, 2017 | 15:00
Updated At:05 Aug, 2024 | 17:50
Rejected At:
▼CVE Numbering Authority (CNA)

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected Products
Vendor
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
Product
Installer of Flets Easy Setup Tool
Versions
Affected
  • Ver1.2.0 and earlier
Problem Types
TypeCWE IDDescription
textN/AUntrusted search path vulnerability
Type: text
CWE ID: N/A
Description: Untrusted search path vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://flets-w.com/topics/setup_tool_vulnerability/
x_refsource_MISC
https://jvn.jp/en/jp/JVN97243511/278948/index.html
x_refsource_MISC
Hyperlink: http://flets-w.com/topics/setup_tool_vulnerability/
Resource:
x_refsource_MISC
Hyperlink: https://jvn.jp/en/jp/JVN97243511/278948/index.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://flets-w.com/topics/setup_tool_vulnerability/
x_refsource_MISC
x_transferred
https://jvn.jp/en/jp/JVN97243511/278948/index.html
x_refsource_MISC
x_transferred
Hyperlink: http://flets-w.com/topics/setup_tool_vulnerability/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN97243511/278948/index.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:02 Nov, 2017 | 15:29
Updated At:20 Apr, 2025 | 01:37

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
flets-w
flets-w
>>flets_easy_setup_tool>>1.2.0
cpe:2.3:a:flets-w:flets_easy_setup_tool:1.2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://flets-w.com/topics/setup_tool_vulnerability/vultures@jpcert.or.jp
Vendor Advisory
https://jvn.jp/en/jp/JVN97243511/278948/index.htmlvultures@jpcert.or.jp
Third Party Advisory
VDB Entry
http://flets-w.com/topics/setup_tool_vulnerability/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://jvn.jp/en/jp/JVN97243511/278948/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://flets-w.com/topics/setup_tool_vulnerability/
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://jvn.jp/en/jp/JVN97243511/278948/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://flets-w.com/topics/setup_tool_vulnerability/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://jvn.jp/en/jp/JVN97243511/278948/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

207Records found
CVE-2017-11749
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-30 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.

Action-Not Available
Vendor-internet-softn/a
Product-ftp_commandern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10863
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-12 Oct, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865.

Action-Not Available
Vendor-Hitachi Solutions, Ltd.
Product-confidential_file_decryptionHIBUN Confidential File Decryption program
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10848
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-01 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-fujixeroxFuji Xerox Co.,Ltd.
Product-docuworksdocuworks_viewer_lightInstaller for DocuWorksInstaller for DocuWorks Viewer Light
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10855
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft CorporationFujitsu Limited
Product-windows_7windows_8.1fence-explorerwindows_10FENCE-Explorer for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10909
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group Corporation
Product-music_centerMusic Center for PC
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10864
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.61%
||
7 Day CHG~0.00%
Published-12 Oct, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Hitachi Solutions, Ltd.
Product-confidential_file_viewerInstaller of HIBUN Confidential File Viewer
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10893
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-08 Dec, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-j-lisJapan Agency for Local Authority Information Systems
Product-the_public_certification_service_for_individualsThe Public Certification Service for Individuals "The JPKI user's software"
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10851
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-01 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-fujixeroxFuji Xerox Co.,Ltd.Microsoft Corporation
Product-contentsbridge_utilitywindowsInstaller for ContentsBridge Utility for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10892
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group Corporation
Product-music_centerMusic Center for PC
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10891
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group Corporation
Product-media_goMedia Go
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10859
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-dajDigital Arts Inc.
Product-i-filter_installer"i-filter 6.0 installer"
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10887
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-bookwalkerBOOK WALKER Co.,Ltd.Microsoft Corporation
Product-book_walkerwindowsBOOK WALKER for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10824
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-teikoku_databankTeikoku Databank, Ltd.
Product-type_aTDB CA TypeA use software
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10849
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-01 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-fujixeroxFuji Xerox Co.,Ltd.
Product-docuworksSelf-extracting document generated by DocuWorks
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10836
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-optimOPTiM Corporation
Product-optimal_guardOptimal Guard
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10860
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 44.08%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Action-Not Available
Vendor-dajDigital Arts Inc.
Product-i-filter_installer"i-filter 6.0 installer"
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10812
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.16%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-nttdocomoNTT DOCOMO, INC.
Product-photo_collection_pc_softwarePhoto Collection PC Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10831
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.95%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-moj.gon/a
Product-commercial_registration_electronic_authentication_softwaren/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10865
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.61%
||
7 Day CHG~0.00%
Published-12 Oct, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863.

Action-Not Available
Vendor-Hitachi Solutions, Ltd.
Product-confidential_file_decryptionHIBUN Confidential File Decryption program
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10823
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.77%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-METI (Agency for Natural Resources and Energy)
Product-shin_kinkyuji_houkoku_data_nyuryoku_programInstaller for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10)
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-1010100
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.11%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 15:37
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

Action-Not Available
Vendor-akeoAkeo Consulting
Product-rufusRufus
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-15295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 17:16
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

Action-Not Available
Vendor-n/aBitdefender
Product-antivirus_2020n/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-0809
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-15.09% / 94.31%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:30
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2017Microsoft Visual Studio 2017
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-7484
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.02%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 02:00
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking.

Action-Not Available
Vendor-purevpnn/a
Product-purevpnn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-7804
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-7-zipIgor Pavlov
Product-7-zip7 Zip for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6700
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.04%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
True Key (TK) - DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.

Action-Not Available
Vendor-McAfee, LLC
Product-true_keyTrue Key (TK)
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-4545
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.97% / 75.62%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 13:35
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_connectAspera Connect
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-7884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.90%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.

Action-Not Available
Vendor-displaylinkn/a
Product-core_software_cleanern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6661
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.32%
||
7 Day CHG~0.00%
Published-02 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TS102801 True Key DLL Side-Loading vulnerability

DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowstrue_keyTrue Key
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 07:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.

Action-Not Available
Vendor-march-haren/aMicrosoft Corporation
Product-windowswincvsn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6306
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.02%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.

Action-Not Available
Vendor-Kaspersky Lab
Product-password_managerKaspersky Password Manager
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-5003
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.04% / 86.13%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-windowscreative_cloudAdobe Creative Cloud Desktop Application before 4.5.5.342
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-4927
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.72% / 81.64%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmac_os_xInDesign 13.0 and below
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-16189
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-miccoMiccoMicrosoft Corporation
Product-windowsunlha32.dllSelf-Extracting Archives created by UNLHA32.DLL
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-7838
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.92% / 75.07%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Action-Not Available
Vendor-winsparkleWinSparkle
Product-winsparkleWinSparkle
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-16190
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.76%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-miccoMiccoMicrosoft Corporation
Product-lmlzh32.dllunlha32.dllwindowsunarj32.dlllhmeltingUNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-15983
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.93% / 75.10%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_osmac_os_xwindowswindows_10flash_playern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-12574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:55
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM.

Action-Not Available
Vendor-londontrustmedian/aMicrosoft Corporation
Product-private_internet_access_vpn_clientwindowsn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18333
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.60% / 68.37%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 22:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-premium_securityinternet_securityantivirus_\+_securitywindowsmaximum_securityTrend Micro Security (Consumer)
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-15974
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.91% / 82.56%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Adobe Inc.
Product-framemakerAdobe Framemaker
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-16182
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-rakuten-secRakuten Securities, Inc.
Product-market_speedThe installer of MARKET SPEED
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-6803
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-openofficewindowsApache OpenOffice
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-12569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.22% / 86.54%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 00:50
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Action-Not Available
Vendor-rakutenn/a
Product-vibern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1458
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.28% / 51.39%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1437
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.

Action-Not Available
Vendor-IBM Corporation
Product-notesNotes
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1435
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.99% / 75.95%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 00:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.

Action-Not Available
Vendor-IBM Corporation
Product-notesNotes
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-4739
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 13:50
Updated-17 Sep, 2024 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-4901
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-national_tax_agencyNational Tax Agency
Product-e-taxThe installer of e-Tax Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-4900
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-evernoteEvernote
Product-evernoteEvernote for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-4902
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.01% / 76.23%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-jpkiJapan Agency for Local Authority Information Systems
Product-the_public_certification_service_for_individualsthe_public_certification_service_for_individuals_for_windows_7the_public_certification_service_for_individuals_for_windows_vistaThe Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)"The Public Certification Service for Individuals "The JPKI user's software"The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)"
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found