### [CVE-2017-2176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2176)
![](https://img.shields.io/static/v1?label=Product&message=clock_01_setup.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=clock_02_setup.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=jasdf_01.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=jasdf_02.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=jasdf_03.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=jasdf_04.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=jasdf_05.exe&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=scramble_setup.exe&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Untrusted%20search%20path%20vulnerability&color=brighgreen)

### Description

Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

### POC

#### Reference
- http://www.mod.go.jp/asdf/information/index.html

#### Github
No PoCs found on GitHub currently.