CVE-2018-0624

🗓️ 07 Sep 2018 14:00:00Reported by jpcertType

Untrusted search path vulnerability in Multiple Yayoi 17 Series products allows privilege escalation via a Trojan horse DLL

Reporter	Title	Published	Views	Family All 14
0day.today	Microsoft COM for Windows - Privilege Escalation Exploit	19 Jun 201800:00	–	zdt
Circl	CVE-2018-0624	15 Jun 201822:35	–	circl
Cvelist	CVE-2018-0624	7 Sep 201814:00	–	cvelist
Exploit DB	Microsoft COM for Windows - Privilege Escalation	18 Jun 201800:00	–	exploitdb
EUVD	EUVD-2018-1434	7 Oct 202500:30	–	euvd
exploitpack	Microsoft COM for Windows - Privilege Escalation	18 Jun 201800:00	–	exploitpack
Japan Vulnerability Notes	JVN#06813756: DLL planting vulnerability in multiple Yayoi 17 Series products	20 Jul 201800:00	–	jvn
Japan Vulnerability Notes	DLL planting vulnerability in multiple Yayoi 17 Series products	20 Jul 201806:41	–	jvn
NVD	CVE-2018-0624	7 Sep 201814:29	–	nvd
OSV	CVE-2018-0624	7 Sep 201814:29	–	osv

NVD

Node

yayoi-kk aoiro_shinkokuRange≤23.1.1

yayoi-kk hanbaiRange≤20.0.2

yayoi-kk kaikeiRange≤23.1.1

yayoi-kk kokyaku_kanriRange≤11.0.2

yayoi-kk kyuuyoRange≤20.1.4

yayoi-kk kyuuyo_keisanRange≤20.1.4

[
  {
    "product": "Multiple Yayoi 17 Series products",
    "vendor": "Yayoi Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/en/jp/JVN06813756/index.html

21 Nov 2024 03:38Current

7.5High risk

Vulners AI Score7.5

CVSS 26.8

CVSS 37.8

EPSS0.00305

CWE-426

yayoi 17 series vulnerability privilege escalation trojan horse dll untrusted search path