Untrusted Search Path Vulnerability in Lhaz+ Installer
CVE-2017-2248

7.8 HIGH

Key Information:

Vendor
CVE Published: 17 July 2017

What is CVE-2017-2248?

The installer of Lhaz+ version 3.4.0 and earlier contains an untrusted search path vulnerability that lets an attacker exploit the installation process. By placing a malicious DLL file in a directory used by the installer, an attacker can gain elevated privileges, compromising the system's integrity. The issue underscores the importance of secure software development practices, particularly managing the search paths used for dynamic-link libraries so that unauthorized code cannot be picked up.

Affected Version(s)

Installer of Lhaz+ version 3.4.0 and earlier

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
