JVN#20409270
Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
Overview
Installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management may insecurely load Dynamic Link Libraries.
Products Affected
- Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier
Description
The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Impact
Arbitrary code may be executed with the privilege of the use invoking the installer.
Solution
Apply Workaround
Be sure to check no malicious file exists in the same directory where the installer is placed.
According to the developer, the distributed archive file contains a directory and the installer (setup.exe) in it.
When extracting the archive file, a clean directory which contains the installer is created.
Be sure not to copy any files into this directory before executing the installer. Keep this directory clean.
Vendor Status
| Vendor | Link |
| National Institute for Land and Infrastructure Management | Douro kouji kannseizutou sakusei sien site |
| Help Desk |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Comment
This analysis assumes that the user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.
Credit
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2017-2229 |
| JVN iPedia |
JVNDB-2017-000162 |