Lucene search

K
cve[email protected]CVE-2017-2233
HistoryJul 07, 2017 - 1:29 p.m.

CVE-2017-2233

2017-07-0713:29:01
CWE-426
web.nvd.nist.gov
28
cve-2017-2233
untrusted search path
installer
pdf digital signature plugin
vulnerability
privilege escalation

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.0%

Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected configurations

NVD
Node
mojpdf_digital_signatureRangeg2.30

CNA Affected

[
  {
    "product": "Installer of PDF Digital Signature Plugin",
    "vendor": "The Ministry of Justice",
    "versions": [
      {
        "status": "affected",
        "version": "(G2.30) and earlier, distributed till June 29, 2017"
      }
    ]
  }
]

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.0%

Related for CVE-2017-2233