Untrusted Search Path Vulnerability in RW-4040 Tool by Vendor
CVE-2017-2190

7.8 HIGH

What is CVE-2017-2190?

The RW-4040 tool contains an untrusted search path flaw that allows privilege escalation. The tool does not validate the directories from which it loads dynamic link libraries (DLLs). An attacker who places a Trojan horse DLL in a directory that the tool searches can have malicious code executed in the context of the user running the tool. This compromises the integrity of the software and exposes sensitive user data and the security of the system.

Affected Version(s)

RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
