Untrusted Search Path Vulnerability in Yahoo! Toolbar for Internet Explorer
CVE-2017-2253

7.8HIGH

Key Information:

Vendor: Yahoo Japan Corporation
Status: Installer Of Yahoo! Toolbar (for Internet Explorer)
Vendor: CVE Published:; 17 July 2017

🔔 Create Yahoo Japan Corporation Vulnerability Alert

What is CVE-2017-2253?

A vulnerability exists in Yahoo! Toolbar's Installer for Internet Explorer versions v8.0.0.6 and earlier, which allows an attacker to exploit an untrusted search path. This could lead to unauthorized privilege escalation through the installation of a Trojan horse DLL from an unspecified directory, potentially compromising system security. Users are advised to update to the latest version and implement appropriate security measures.

Affected Version(s)

Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55

References

https://jvn.jp/en/jp/JVN02852421/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Dec 1, 2016

CVE-2017-2253 Data

JSON