CVE-2017-2176

HIGH

JASDF Screensavers - Untrusted Search Path

Title source: llm
STIX 2.1

Description

Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
http://www.mod.go.jp/asdf/information/index.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98823
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN41185163/index.html

Scores

CVSS v3 7.8
EPSS 0.0143
EPSS Percentile 69.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-426
Status published
Products (9)
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/clock_01_setup.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/clock_02_setup.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/jasdf_01.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/jasdf_02.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/jasdf_03.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/jasdf_04.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/jasdf_05.exe available prior to May 25, 2017
JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE/scramble_setup.exe available prior to May 25, 2017
jasdf/screensavers
Published Jun 09, 2017
Tracked Since Feb 18, 2026