CVE-2018-0623 : Security Advisory and Response

Multiple vulnerabilities have been identified in various Yayoi 17 Series products, allowing attackers to gain elevated privileges by exploiting an untrusted search path issue.

Understanding CVE-2018-0623

What is CVE-2018-0623?

CVE-2018-0623 is a vulnerability found in multiple Yayoi 17 Series products, including Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, enabling attackers to escalate privileges through a malicious DLL file.

The Impact of CVE-2018-0623

The vulnerability allows attackers to introduce a malicious DLL file disguised as a legitimate one into an unspecified directory, leading to elevated privileges.

Technical Details of CVE-2018-0623

Vulnerability Description

The flaw arises from the improper handling of the msjet49.dll file by the affected Yayoi 17 Series products.

Affected Systems and Versions

Yayoi Kaikei 17 Series Ver.23.1.1 and earlier
Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier
Yayoi Kyuuyo 17 Ver.20.1.4 and earlier
Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier
Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier
Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier

Exploitation Mechanism

Attackers can exploit the untrusted search path vulnerability by inserting a Trojan horse DLL file into an unspecified directory, leveraging the handling of msjet49.dll by the affected products.

Mitigation and Prevention

Immediate Steps to Take

Apply security patches provided by Yayoi Co., Ltd.
Monitor for any unauthorized DLL files in system directories
Implement strict file integrity checks

Long-Term Security Practices

Regularly update and patch software to address vulnerabilities
Conduct security audits and penetration testing to identify weaknesses

Patching and Updates

Yayoi Co., Ltd. should release patches addressing the untrusted search path vulnerability in the affected products.