CVE-2017-2154

Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
References
Link Resource
https://www.justsystems.com/jp/info/js17002.html Vendor Advisory
https://jvn.jp/en/jp/JVN54268888/index.html Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:justsystems:hanako:2017:*:*:*:trial_version:*:*:*
cpe:2.3:a:justsystems:just_police:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office:3:*:*:*:eco_print_pack:*:*:*
cpe:2.3:a:justsystems:just_office:3:*:*:*:tri-de_dataprotect_pack:*:*:*
cpe:2.3:a:justsystems:just_government:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office:3:*:*:*:standard:*:*:*
cpe:2.3:a:justsystems:hanako_police:5:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school:6:*:*:*:premium:*:*:*
cpe:2.3:a:justsystems:hanako_pro:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako:2015:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school:6:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako:2017:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_frontier:3:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako:2016:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class:2:*:*:*:*:*:*:*

Information

Published : 2017-04-28 09:59

Updated : 2017-05-11 18:29


NVD link : CVE-2017-2154

Mitre link : CVE-2017-2154


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

justsystems

  • just_school
  • just_government
  • just_police
  • just_jump_class
  • hanako_pro
  • hanako_police
  • just_office
  • just_frontier
  • hanako