CVE-2017-2154

Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:justsystems:hanako:2015:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako:2016:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako:2017:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako:2017:*:*:*:trial_version:*:*:*
cpe:2.3:a:justsystems:hanako_police:5:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_frontier:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class:2:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office:3:*:*:*:eco_print_pack:*:*:*
cpe:2.3:a:justsystems:just_office:3:*:*:*:standard:*:*:*
cpe:2.3:a:justsystems:just_office:3:*:*:*:tri-de_dataprotect_pack:*:*:*
cpe:2.3:a:justsystems:just_police:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school:6:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school:6:*:*:*:premium:*:*:*

History

21 Nov 2024, 03:22

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN54268888/index.html - Third Party Advisory, VDB Entry () https://jvn.jp/en/jp/JVN54268888/index.html - Third Party Advisory, VDB Entry
References () https://www.justsystems.com/jp/info/js17002.html - Vendor Advisory () https://www.justsystems.com/jp/info/js17002.html - Vendor Advisory

Information

Published : 2017-04-28 16:59

Updated : 2024-11-21 03:22


NVD link : CVE-2017-2154

Mitre link : CVE-2017-2154

CVE.ORG link : CVE-2017-2154


JSON object : View

Products Affected

justsystems

  • just_office
  • just_frontier
  • just_police
  • just_jump_class
  • just_government
  • just_school
  • hanako_pro
  • hanako_police
  • hanako
CWE
CWE-20

Improper Input Validation