CVE-2016-7818

Published on: 06/09/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Device Data Encryption Program from Japan Pension Service contain the following vulnerability:

Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2016-7818 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: Japan Pension Service - Installer for Specification check program (social insurance) Ver. 9.00 and earlier that was available prior to October 17, 2016
  • Affected Vendor/Software: Japan Pension Service - Installer for TODOKESHO print program Ver. 5.00 and earlier that was available prior to October 17, 2016
  • Affected Vendor/Software: Japan Pension Service - Installer for Device data encryption program Ver. 1.00 and earlier that was available prior to October 17, 2016
  • Affected Vendor/Software: Japan Pension Service - Installer for TODOKESHO creation program Ver. 15.00 and earlier that was available prior to October 17, 2016

CVSS3 Score: 7.8 - HIGH

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • Multiple Japan Pension Service Products CVE-2016-7818 DLL Loading Local Code Execution Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: BID 94616 (cve.report archive, text/html)
  • When setting a password on notification form data | Japan Pension Service
    Tags: Patch, Vendor Advisory
    Link: CONFIRM www.nenkin.go.jp/denshibenri/setsumei/0104.html (www.nenkin.go.jp, text/xml)
  • When using the notification form creation program provided by Japan Pension Service | Japan Pension Service
    Tags: Patch, Vendor Advisory
    Link: CONFIRM www.nenkin.go.jp/denshibenri/setsumei/20150105-03.html (www.nenkin.go.jp, text/xml)
  • When printing output in accordance with the paper form | Japan Pension Service
    Tags: Patch, Vendor Advisory
    Link: CONFIRM www.nenkin.go.jp/denshibenri/setsumei/20140630.html (www.nenkin.go.jp, text/xml)
  • When developing the notification system in-house or using commercial software | Japan Pension Service
    Tags: Patch, Vendor Advisory
    Link: CONFIRM www.nenkin.go.jp/denshibenri/setsumei/20150415.html#cmscheck (www.nenkin.go.jp, text/xml)
  • JVN#08868688: The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
    Tags: Third Party Advisory, VDB Entry
    Link: JVN JVN#08868688 (jvn.jp, text/xml)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Japan Pension Service | Device Data Encryption Program | 1.00 | All | All | All
Application | Japan Pension Service | Specification Check Program | 9.00 | All | All | All
Application | Japan Pension Service | Todokesho Creation Program | 15.00 | All | All | All
Application | Japan Pension Service | Todokesho Print Program | 5.00 | All | All | All
  • cpe:2.3:a:japan_pension_service:device_data_encryption_program:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:japan_pension_service:specification_check_program:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:japan_pension_service:todokesho_creation_program:15.00:*:*:*:*:*:*:*
  • cpe:2.3:a:japan_pension_service:todokesho_print_program:5.00:*:*:*:*:*:*:*