Search criteria
3 vulnerabilities found for Photo Collection PC Software by NTT DOCOMO, INC.
CVE-2017-10812 (GCVE-0-2017-10812)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NTT DOCOMO, INC. | Photo Collection PC Software |
Affected:
Ver.4.0.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Collection PC Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Collection PC Software",
"version": {
"version_data": [
{
"version_value": "Ver.4.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67954465",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10812",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10812 (GCVE-0-2017-10812)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NTT DOCOMO, INC. | Photo Collection PC Software |
Affected:
Ver.4.0.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Collection PC Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Collection PC Software",
"version": {
"version_data": [
{
"version_value": "Ver.4.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67954465",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10812",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000197
Vulnerability from jvndb - Published: 2017-08-22 12:34 - Updated:2018-02-28 12:13
Severity ?
Summary
Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files
Details
Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html",
"dc:date": "2018-02-28T12:13+09:00",
"dcterms:issued": "2017-08-22T12:34+09:00",
"dcterms:modified": "2018-02-28T12:13+09:00",
"description": "Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:photo_collection_pc_software",
"@product": "Photo Collection PC Software",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000197",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67954465/index.html",
"@id": "JVN#67954465",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10812",
"@id": "CVE-2017-10812",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10812",
"@id": "CVE-2017-10812",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files"
}