CVE-2016-4902

HIGH

The Public Certification Service for Individuals < 2.6 and < 3.0.1 - Untrusted Search Path

Title source: llm
STIX 2.1

Description

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN91002412/index.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94087

Scores

CVSS v3 7.8
EPSS 0.0183
EPSS Percentile 76.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-426
Status published
Products (6)
Japan Agency for Local Authority Information Systems/The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier
Japan Agency for Local Authority Information Systems/The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier
Japan Agency for Local Authority Information Systems/The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier
jpki/the_public_certification_service_for_individuals < 2.6
jpki/the_public_certification_service_for_individuals_for_windows_7 < 3.0.1
jpki/the_public_certification_service_for_individuals_for_windows_vista < 3.0.1
Published Jun 09, 2017
Tracked Since Feb 18, 2026