Published:2017/06/26  Last Updated:2017/06/26

JVN#01775119
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries

Overview

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology (MEXT) may insecurely load Dynamic Link Libraries

Products Affected

  • EbidSettingChecker.exe(version 1.0.0.0)

Description

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology (MEXT) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Impact

Arbitrary code may be executed with the privilege of the user running the application.

Solution

Update the software
Update to the latest version according to the information provided by the developer.
This vulnerability was addressed in Ver1.1.0.0.

Vendor Status

Vendor Link
Ministry of Education, Culture, Sports, Science and Technology (MEXT) E-bidding portal

References

  1. Japan Vulnerability Notes JVNTA#91240916
    Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score: 6.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Comment

This analysis assumes that the user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.

Credit

Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2017-2225
JVN iPedia JVNDB-2017-000144