Vulnerability CVE-2018-0580


Published: 2018-05-14

Description:
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Type:

CWE-426

(Untrusted Search Path)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Celsys -> Clip studio action 
Celsys -> Clip studio modeler 
Celsys -> Clip studio paint 

 References:
http://www.clipstudio.net/en/dl
https://jvn.jp/en/jp/JVN68345747/
https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win

Copyright 2024, cxsecurity.com

 

Back to Top