Untrusted Search Path Vulnerability in Lhaz+ by Chitora
CVE-2017-2249

7.8HIGH

Key Information:

Vendor: Chitora Soft
Status: Self-extracting Archive Files Created By Lhaz+
Vendor: CVE Published:; 17 July 2017

🔔 Create Chitora Soft Vulnerability Alert

What is CVE-2017-2249?

The Lhaz+ application, specifically versions 3.4.0 and earlier, is vulnerable to an untrusted search path issue. This flaw allows attackers to escalate privileges by placing a malicious DLL file in an unspecified directory. As a result, when the application attempts to execute, it could load the attacker’s DLL, potentially leading to unauthorized access or control over the affected system. Proper security mechanisms should be implemented to mitigate such risks.

Affected Version(s)

Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier

References

https://jvn.jp/en/jp/JVN21369452/index.html

third-party-advisoryx_refsource_JVN

http://chitora.com/jvn21369452.html

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Dec 1, 2016

CVE-2017-2249 Data

JSON