Published:2018/07/20  Last Updated:2018/07/20

JVN#06813756
DLL planting vulnerability in multiple Yayoi 17 Series products

Overview

Multiple Yayoi 17 Series products contain a DLL planting vulnerability.

Products Affected

  • Yayoi Kaikei 17 Series Ver.23.1.1 and earlier
  • Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier
  • Yayoi Kyuuyo 17 Ver.20.1.4 and earlier
  • Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier
  • Yayoi Hanbai 17 Series Ver.20.0.2 and earlier
  • Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier

Description

Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Impact

Arbitrary code may be executed with the privilege of the running application.

Solution

Update the Software
Apply the appropriate update according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Yayoi Co., Ltd. Vulnerable 2018/07/20

References

  1. Japan Vulnerability Note JVNTA#91240916
    Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score: 6.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Comment

This analysis assumes that the user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.

Credit

Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2018-0623
CVE-2018-0624
JVN iPedia JVNDB-2018-000074