2 matches found
CVE-2017-2210
PatchJGD installer (PatchJGD101.EXE, v1.0.1) is affected by an untrusted DLL search path (CWE-427) vulnerability, enabling privilege escalation via a Trojan DLL in an attacker-controlled directory. The issue affects the installer supplied by GSI; attackers could gain the invoking user’s privilege...
JVN#52691241: Multiple installers of the software provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Multiple installers of the software provided by Geospatial Information Authority of Japan GSI contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...