Vulnerability-Lookup

CNVD-2018-13783

Vulnerability from cnvd - Published: 2018-07-24

Title

CELSYS CLIP STUDIO PAINT、CLIP STUDIO ACTION和CLIP STUDIO MODELER DLL搜索路径漏洞

Description

CELSYS CLIP STUDIO PAINT、CLIP STUDIO ACTION和CLIP STUDIO MODELER都是日本CELSYS公司的产品。CELSYS CLIP STUDIO PAINT是一套漫画、插图制作工具。CLIP STUDIO ACTION是一套3D动画制作软件。CLIP STUDIO MODELER是3D模型制作插件。 CELSYS CLIP STUDIO PAINT、CLIP STUDIO ACTION和CLIP STUDIO MODELER中存在安全漏洞。远程攻击者可借助目录下的恶意DLL利用该漏洞获取权限。

Severity

中

Patch Name

CELSYS CLIP STUDIO PAINT、CLIP STUDIO ACTION和CLIP STUDIO MODELER DLL搜索路径漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.clipstudio.net/en/dl

Reference

http://www.clipstudio.net/en/dl https://jvn.jp/en/jp/JVN68345747/

Impacted products

Name
['CELSYS, Inc. STUDIO PAINT (for Windows) EX/PRO/DEBUT <=1.7.3', 'CELSYS, Inc. CLIP STUDIO MODELER <=1.6.3', 'CELSYS, Inc. CLIP STUDIO ACTION <=1.5.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0580"
    }
  },
  "description": "CELSYS CLIP STUDIO PAINT\u3001CLIP STUDIO ACTION\u548cCLIP STUDIO MODELER\u90fd\u662f\u65e5\u672cCELSYS\u516c\u53f8\u7684\u4ea7\u54c1\u3002CELSYS CLIP STUDIO PAINT\u662f\u4e00\u5957\u6f2b\u753b\u3001\u63d2\u56fe\u5236\u4f5c\u5de5\u5177\u3002CLIP STUDIO ACTION\u662f\u4e00\u59573D\u52a8\u753b\u5236\u4f5c\u8f6f\u4ef6\u3002CLIP STUDIO MODELER\u662f3D\u6a21\u578b\u5236\u4f5c\u63d2\u4ef6\u3002\r\n\r\nCELSYS CLIP STUDIO PAINT\u3001CLIP STUDIO ACTION\u548cCLIP STUDIO MODELER\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u7684\u6076\u610fDLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.clipstudio.net/en/dl",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13783",
  "openTime": "2018-07-24",
  "patchDescription": "CELSYS CLIP STUDIO PAINT\u3001CLIP STUDIO ACTION\u548cCLIP STUDIO MODELER\u90fd\u662f\u65e5\u672cCELSYS\u516c\u53f8\u7684\u4ea7\u54c1\u3002CELSYS CLIP STUDIO PAINT\u662f\u4e00\u5957\u6f2b\u753b\u3001\u63d2\u56fe\u5236\u4f5c\u5de5\u5177\u3002CLIP STUDIO ACTION\u662f\u4e00\u59573D\u52a8\u753b\u5236\u4f5c\u8f6f\u4ef6\u3002CLIP STUDIO MODELER\u662f3D\u6a21\u578b\u5236\u4f5c\u63d2\u4ef6\u3002\r\n\r\nCELSYS CLIP STUDIO PAINT\u3001CLIP STUDIO ACTION\u548cCLIP STUDIO MODELER\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u7684\u6076\u610fDLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "CELSYS CLIP STUDIO PAINT\u3001CLIP STUDIO ACTION\u548cCLIP STUDIO MODELER DLL\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "CELSYS, Inc. STUDIO PAINT (for Windows) EX/PRO/DEBUT \u003c=1.7.3",
      "CELSYS, Inc. CLIP STUDIO MODELER \u003c=1.6.3",
      "CELSYS, Inc. CLIP STUDIO ACTION \u003c=1.5.5"
    ]
  },
  "referenceLink": "http://www.clipstudio.net/en/dl\r\nhttps://jvn.jp/en/jp/JVN68345747/",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-16",
  "title": "CELSYS CLIP STUDIO PAINT\u3001CLIP STUDIO ACTION\u548cCLIP STUDIO MODELER DLL\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

CVE-2018-0580 (GCVE-0-2018-0580)

Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28

Summary

Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Severity ?

No CVSS data available.

CWE

Untrusted search path vulnerability

Assigner

jpcert

References

URL

Tags

	https://www.clip-studio.com/clip_site/download/cl…	x_refsource_MISC
	http://www.clipstudio.net/en/dl	x_refsource_MISC
	https://jvn.jp/en/jp/JVN68345747/	third-party-advisoryx_refsource_JVN

Impacted products

	Vendor	Product	Version
	CELSYS, Inc.	CLIP STUDIO series	Affected: (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.clipstudio.net/en/dl"
          },
          {
            "name": "JVN#68345747",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN68345747/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CLIP STUDIO series",
          "vendor": "CELSYS, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "(CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)"
            }
          ]
        }
      ],
      "datePublic": "2018-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-14T12:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.clipstudio.net/en/dl"
        },
        {
          "name": "JVN#68345747",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN68345747/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0580",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CLIP STUDIO series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CELSYS, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win",
              "refsource": "MISC",
              "url": "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win"
            },
            {
              "name": "http://www.clipstudio.net/en/dl",
              "refsource": "MISC",
              "url": "http://www.clipstudio.net/en/dl"
            },
            {
              "name": "JVN#68345747",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN68345747/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0580",
    "datePublished": "2018-05-14T13:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-13783

CVE-2018-0580 (GCVE-0-2018-0580)

Tags

Sightings

Nomenclature