{"api_version":"1","generated_at":"2026-04-23T15:28:29+00:00","cve":"CVE-2017-10823","urls":{"html":"https://cve.report/CVE-2017-10823","api":"https://cve.report/api/cve/CVE-2017-10823.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-10823","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-10823"},"summary":{"title":"CVE-2017-10823","description":"Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.","state":"PUBLIC","assigner":"vultures@jpcert.or.jp","published_at":"2017-08-18 13:29:00","updated_at":"2017-08-22 16:57:00"},"problem_types":["CWE-426"],"metrics":[],"references":[{"url":"https://jvn.jp/en/jp/JVN23546631/index.html","name":"JVN#23546631","refsource":"JVN","tags":["Third Party Advisory","VDB Entry"],"title":"JVN#23546631: Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-10823","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10823","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"10823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"enecho.meti","cpe5":"shin_kinkyuji_houkoku_data_nyuryoku_program","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"10823","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"enecho.meti","cpe5":"shin_kinkyuji_houkoku_data_nyuryoku_program","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"vultures@jpcert.or.jp","ID":"CVE-2017-10823","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10)","version":{"version_data":[{"version_value":"Distributed on the website till 2017 May 17"}]}}]},"vendor_name":"Agency for Natural Resources and Energy of Ministry of Economy,Trade and Industry (METI)"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Untrusted search path vulnerability"}]}]},"references":{"reference_data":[{"name":"JVN#23546631","refsource":"JVN","url":"https://jvn.jp/en/jp/JVN23546631/index.html"}]}},"nvd":{"publishedDate":"2017-08-18 13:29:00","lastModifiedDate":"2017-08-22 16:57:00","problem_types":["CWE-426"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:enecho.meti:shin_kinkyuji_houkoku_data_nyuryoku_program:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"10823","Ordinal":"107866","Title":"CVE-2017-10823","CVE":"CVE-2017-10823","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"10823","Ordinal":"1","NoteData":"Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"10823","Ordinal":"2","NoteData":"2017-08-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"10823","Ordinal":"3","NoteData":"2017-08-18","Type":"Other","Title":"Modified"}]}}}