ID CVE-2012-1242Type cveReporter cve@mitre.orgModified 2017-12-14T02:29:00
Description
Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
{"id": "CVE-2012-1242", "bulletinFamily": "NVD", "title": "CVE-2012-1242", "description": "Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory.\nPer: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'", "published": "2012-04-27T18:55:00", "modified": "2017-12-14T02:29:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1242", "reporter": "cve@mitre.org", "references": ["http://jvn.jp/en/jp/JVN95378720/index.html", "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000034", "http://osvdb.org/81472", "http://www.justsystems.com/jp/info/js12001.html"], "cvelist": ["CVE-2012-1242"], "type": "cve", "lastseen": "2020-10-03T12:06:01", "edition": 3, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "jvn", "idList": ["JVN:95378720"]}], "modified": "2020-10-03T12:06:01", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2020-10-03T12:06:01", "rev": 2}, "vulnersScore": 3.6}, "cpe": ["cpe:/a:justsystems:ichitaro:2006", "cpe:/a:justsystems:just_frontier:-", "cpe:/a:justsystems:ichitaro:2009", "cpe:/a:justsystems:ichitaro_viewer:-", "cpe:/a:justsystems:just_school:2009", "cpe:/a:justsystems:just_school:-", "cpe:/a:justsystems:just_jump:4", "cpe:/a:justsystems:oreplug:-", "cpe:/a:justsystems:just_school:2010", "cpe:/a:justsystems:ichitaro:2011", "cpe:/a:justsystems:ichitaro:2007", "cpe:/a:justsystems:ichitaro:2008", "cpe:/a:justsystems:ichitaro_portable_with_oreplug:-", "cpe:/a:justsystems:ichitaro:2010"], "affectedSoftware": [{"cpeName": "justsystems:just_school", "name": "justsystems just school", "operator": "eq", "version": "2010"}, {"cpeName": "justsystems:ichitaro_viewer", "name": "justsystems ichitaro viewer", "operator": "eq", "version": "-"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2007"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2007"}, {"cpeName": "justsystems:just_school", "name": "justsystems just school", "operator": "eq", "version": "2009"}, {"cpeName": "justsystems:just_school", "name": "justsystems just school", "operator": "eq", "version": "-"}, {"cpeName": "justsystems:ichitaro_portable_with_oreplug", "name": "justsystems ichitaro portable with oreplug", "operator": "eq", "version": "-"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2006"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2006"}, {"cpeName": "justsystems:just_jump", "name": "justsystems just jump", "operator": "eq", "version": "4"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2008"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2008"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2009"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2009"}, {"cpeName": "justsystems:just_frontier", "name": "justsystems just frontier", "operator": "eq", "version": "-"}, {"cpeName": "justsystems:oreplug", "name": "justsystems oreplug", "operator": "eq", "version": "-"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2010"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2010"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2011"}, {"cpeName": "justsystems:ichitaro", "name": "justsystems ichitaro", "operator": "eq", "version": "2011"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:justsystems:ichitaro_portable_with_oreplug:-:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2007:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:just_school:2009:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2006:-:government:*:*:*:*:*", "cpe:2.3:a:justsystems:just_school:-:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:just_jump:4:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:just_frontier:-:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2006:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2008:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2011:-:sou:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2008:-:government:*:*:*:*:*", "cpe:2.3:a:justsystems:oreplug:-:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2010:-:government:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2007:-:government:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro_viewer:-:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2009:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2011:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2009:-:government:*:*:*:*:*", "cpe:2.3:a:justsystems:just_school:2010:*:*:*:*:*:*:*", "cpe:2.3:a:justsystems:ichitaro:2010:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro_viewer:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:just_school:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2007:-:government:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2010:-:government:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:just_frontier:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:just_school:2010:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2008:-:government:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2011:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2006:-:government:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2008:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:oreplug:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2006:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2009:-:government:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:just_school:2009:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2010:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2007:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2011:-:sou:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro_portable_with_oreplug:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:just_jump:4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:justsystems:ichitaro:2009:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"jvn": [{"lastseen": "2019-05-29T17:21:46", "bulletinFamily": "info", "cvelist": ["CVE-2012-1242"], "description": "\n ## Description\n\nMultiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\n\n ## Impact\n\nArbitrary code may be executed with the privileges of the running application. \n\n\n ## Solution\n\n**Update the software** \nApply the appropriate update according to the information provided by the developer. \n\n\n ## Products Affected\n\n * Ichitaro 2011 Sou\n * Ichitaro 2011/2010/2009/2008/2007/2006\n * Ichitaro Government 2010/2009/2008/2007/2006\n * Ichitaro Portable with oreplug\n * Ichitaro Viewer\n * JUST School 2010/2009\n * JUST School\n * JUST Jump 4\n * JUST Frontier\n * oreplug\n", "edition": 4, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "JVN:95378720", "href": "http://jvn.jp/en/jp/JVN95378720/index.html", "title": "JVN#95378720: Multiple JustSystems products may insecurely load dynamic libraries", "type": "jvn", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
