Vulnerability CVE-2016-7818
Published: 2017-06-09

Description:
Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Japan pension service -> Specification check program 
Japan pension service -> Todokesho creation program 
Japan pension service -> Device data encryption program 
Japan pension service -> Todokesho print program 

 References:
http://www.nenkin.go.jp/denshibenri/setsumei/0104.html
http://www.nenkin.go.jp/denshibenri/setsumei/20140630.html
http://www.nenkin.go.jp/denshibenri/setsumei/20150105-03.html
http://www.nenkin.go.jp/denshibenri/setsumei/20150415.html#cmscheck
http://www.securityfocus.com/bid/94616
https://jvn.jp/en/jp/JVN08868688/index.html
Copyright 2024, cxsecurity.com

 

Back to Top