Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-18367

Summary
Assigner-symantec
Assigner Org ID-80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At-25 Apr, 2019 | 19:22
Updated At-05 Aug, 2024 | 11:08
Rejected At-
Credits

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:symantec
Assigner Org ID:80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At:25 Apr, 2019 | 19:22
Updated At:05 Aug, 2024 | 11:08
Rejected At:
▼CVE Numbering Authority (CNA)

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Affected Products
Vendor
Symantec CorporationSymantec Corporation
Product
Symantec Endpoint Protection Manager
Versions
Affected
  • Prior to and including 12.1 RU6 MP9
  • Prior to 14.2 RU1
Problem Types
TypeCWE IDDescription
textN/ADLL Preloading
Type: text
CWE ID: N/A
Description: DLL Preloading
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.symantec.com/en_US/article.SYMSA1479.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/107996
vdb-entry
x_refsource_BID
Hyperlink: https://support.symantec.com/en_US/article.SYMSA1479.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/107996
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.symantec.com/en_US/article.SYMSA1479.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/107996
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.symantec.com/en_US/article.SYMSA1479.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/107996
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@symantec.com
Published At:25 Apr, 2019 | 20:29
Updated At:03 May, 2019 | 13:18

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:rtm:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru1-mp1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru2:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru2-mp1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru3:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru4:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru4-mp1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru4-mp1a:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru4-mp1b:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru4a:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru5:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp1a:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp2:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp3:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp4:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp5:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp6:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp7:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp8:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>12.1
cpe:2.3:a:symantec:endpoint_protection_manager:12.1:ru6-mp9:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14
cpe:2.3:a:symantec:endpoint_protection_manager:14:*:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14
cpe:2.3:a:symantec:endpoint_protection_manager:14:mp1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14
cpe:2.3:a:symantec:endpoint_protection_manager:14:mp2:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14.0.1
cpe:2.3:a:symantec:endpoint_protection_manager:14.0.1:*:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14.0.1
cpe:2.3:a:symantec:endpoint_protection_manager:14.0.1:mp1:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14.0.1
cpe:2.3:a:symantec:endpoint_protection_manager:14.0.1:mp2:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14.1
cpe:2.3:a:symantec:endpoint_protection_manager:14.1:*:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14.2
cpe:2.3:a:symantec:endpoint_protection_manager:14.2:*:*:*:*:*:*:*
Symantec Corporation
symantec
>>endpoint_protection_manager>>14.2
cpe:2.3:a:symantec:endpoint_protection_manager:14.2:mp1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/107996secure@symantec.com
Third Party Advisory
VDB Entry
https://support.symantec.com/en_US/article.SYMSA1479.htmlsecure@symantec.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/107996
Source: secure@symantec.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://support.symantec.com/en_US/article.SYMSA1479.html
Source: secure@symantec.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

228Records found
CVE-2018-0599
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windowsThe installer of Visual C++ Redistributable
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0592
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.94%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveMicrosoft OneDrive
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0600
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group CorporationMicrosoft Corporation
Product-windowsplaymemories_homethe installer of PlayMemories Home for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0540
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-vix_projectK_OKADA
Product-vixViX
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0516
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.80%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-fletsNIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
Product-address_selection_toolFLET'S v4 / v6 address selection tool
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0656
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group Corporation
Product-digital_paper_appThe installer of Digital Paper App
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0620
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.65%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-logitechLogicool Co Ltd.
Product-game_softwarethe installer of LOGICOOL Game Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0619
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.65%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-glarysoftGlarysoft Ltd.
Product-glary_utilitiesInstaller of Glary Utilities
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0648
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-chatworkChatWork Co,. LTD.
Product-chatworkInstaller of ChatWork Desktop App for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0596
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.34% / 84.25%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_communityThe installer of Visual Studio Community
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0667
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mncMICRONET CORPORATION
Product-inplc-rt_sdk_expressinplc_sdk_pro\+Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0544
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-woodybellsWoodyBells
Product-winshotWinShot
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0517
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-anshin_net_securityAnshin net security for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-8137
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-hedex_liteHedEx Lite
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-4739
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 13:50
Updated-17 Sep, 2024 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-7327
Matching Score-4
Assigner-Yandex N.V.
ShareView Details
Matching Score-4
Assigner-Yandex N.V.
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.65%
||
7 Day CHG~0.00%
Published-19 Jan, 2018 | 17:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

Action-Not Available
Vendor-yandexYandex N.V.
Product-yandex_browserYandex Browser for Desktop
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-4736
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-02 Sep, 2023 | 18:02
Updated-13 Feb, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path in vim/vim

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-5236
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.73%
||
7 Day CHG~0.00%
Published-03 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Action-Not Available
Vendor-Rapid7 LLC
Product-appspider_proAppSpider Pro
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-5233
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.97%
||
7 Day CHG~0.00%
Published-02 Mar, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Action-Not Available
Vendor-Rapid7 LLC
Product-appspider_proAppSpider Pro
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-5696
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 01:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel Graphics Driver
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2193
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.80%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-tera_term_projectTeraTerm Project
Product-tera_termThe installer of Tera Term
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2156
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.58%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Action-Not Available
Vendor-vivaldiVivaldi Technologies
Product-vivaldi_installer_for_windowsVivaldi installer for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2215
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.01%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-e-tax.ntaNational Tax Agency
Product-e-taxInstaller of "Setup file of advance preparation" (jizen_setup.exe)
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2253
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Yahoo Japan CorporationYahoo Inc.
Product-toolbarInstaller of Yahoo! Toolbar (for Internet explorer)
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2213
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-gsiGeospatial Information Authority of Japan (GSI)
Product-semidynaexeSemiDynaEXE (SemiDynaEXE2008.EXE)
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2230
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.27%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-nilimNational Institute for Land and Infrastructure Management
Product-road_construction_completion_diagram_check_programDouro Kouji Kanseizutou Check Program
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2233
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mojThe Ministry of Justice
Product-pdf_digital_signatureInstaller of PDF Digital Signature Plugin
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2190
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-sharpSharp Corporation
Product-rw-4040RW-4040 tool to verify execution environment for Windows 7
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2271
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-hibaraHiBARA Software
Product-attachecaseSelf-extracting encrypted files created by AttacheCase
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2218
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-quicktimewindowsInstaller of QuickTime for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2206
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-saatNetMove Corporation
Product-netizenThe installer of SaAT Netizen
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2232
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mojThe Ministry of Justice
Product-shinseiyo_sogo_softInstaller of Shinseiyo Sogo Soft
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2270
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableEncrypted files in self-decryption format created by FileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2177
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.93% / 75.14%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-shogyoMinistry of Justice
Product-touki_denshiInstaller of Shogyo Touki Denshi Ninsho Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2175
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.25%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-empirical_project_monitor_-_extendedEmpirical Project Monitor - eXtended
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2289
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.79%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-qua_stationqua_station_firmwareInstaller of Qua station connection tool for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2192
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-sharpSharp Corporation
Product-rw-5100RW-5100 tool to verify execution environment for Windows 8.1RW-5100 tool to verify execution environment for Windows 7
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2191
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-sharpSharp Corporation
Product-rw-5100_driver_installer_for_windows_7rw-5100_driver_installer_for_windows_8.1RW-5100 driver installer for Windows 8.1RW-5100 driver installer for Windows 7
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2176
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-jasdfJAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE
Product-screensaversscramble_setup.exejasdf_04.exejasdf_01.exejasdf_02.exejasdf_05.execlock_02_setup.exejasdf_03.execlock_01_setup.exe
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2242
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-nttNIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
Product-flets_setsuzoku_toolFlets Setsuzoku Tool for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2268
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableEncrypted files in self-decryption format created by FileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2226
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-ntaNational Tax Agency
Product-e-taxSetup file of advance preparation for e-Tax software (WEB version)
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2983
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.65%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playerAdobe Shockwave 12.2.7.197 and earlier.
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2247
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-chitoraChitora soft
Product-lhazSelf-extracting archive files created by Lhaz
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2130
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.25%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-securebrainSecureBrain Corporation
Product-phishwall_clientThe installer of PhishWall Client Internet Explorer version
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2267
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableFileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2208
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.41%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Action-Not Available
Vendor-acquisition_technology_and_logistics_agencyAcquisition, Technology & Logistics Agency
Product-installer_of_electronic_tenderingInstaller of electronic tendering and bid opening system
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2225
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.88%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mextMinistry of Education, Culture, Sports, Science and Technology (MEXT)
Product-ebidsettingcheckerEbidSettingChecker.exe
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2248
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-chitoraChitora soft
Product-lhaz\+Installer of Lhaz+
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2221
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-04 Aug, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-baiduBaidu Japan Inc.
Product-baidu_imeInstaller of Baidu IME
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found