CVE-2017-2157

HIGH

The Public Certification Service - Privilege Escalation


Description

Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

References (2)

Core References
Patch, Vendor Advisory x_refsource_misc
https://www.jpki.go.jp/download/win.html#dl
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN39605485/index.html

Scores

CVSS v3 7.3
EPSS 0.0050
EPSS Percentile 39.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-426
Status published
Products (6)
Japan Agency for Local Authority Information Systems/Installer for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier that was available until April 27, 2017
Japan Agency for Local Authority Information Systems/Installer for The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" available until April 27, 2017
Japan Agency for Local Authority Information Systems/Installer for The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that was available until April 27, 2017
jpki/the_public_certification_service_for_individuals
jpki/the_public_certification_service_for_individuals < 2.6
jpki/the_public_certification_service_for_individuals < 3.1
Published May 12, 2017
Tracked Since Feb 18, 2026