CVE-2017-2208

Description

Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Affected products

• Acquisition, Technology & Logistics Agency / Installer of electronic tendering and bid opening systemavailable prior to June 12, 2017 – available prior to June 12, 2017

References

• MISChttp://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html
• MISChttps://jvn.jp/en/jp/JVN27198823/index.html