CVE-2017-2252

HIGH

File Compact <5.10-7.02 - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn

https://jvn.jp/en/jp/JVN29939155/index.html

Scores

CVSS v3 7.8

EPSS 0.0108

EPSS Percentile 60.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-426

Status published

Products (4)

sourcenext/file_compact < 5.09

SOURCENEXT CORPORATION/Self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier

SOURCENEXT CORPORATION/Self-extracting archive files created by File Compact Ver.6 version 6.02 and earlier

SOURCENEXT CORPORATION/Self-extracting archive files created by File Compact Ver.7 version 7.02 and earlier

Published Jul 17, 2017

Tracked Since Feb 18, 2026