CVE-2016-4901

Name: CVE-2016-4901
Creator: NVD / NIST
Published: 2017-05-22T16:29:00.34+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.53%

Last modified Jun 17, 2026

CVE-2016-4901 is a vulnerability of currently unknown severity. Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.. EPSS estimates a 1.53% chance of exploitation in the next 30 days.

Description

Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Metrics

EPSS Probability

1.53%

71.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-426

Affected Software

Vendor	Product	Versions
National Tax Agency	E-Tax	All versions

References

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000207Third Party Advisory, VDB Entry
http://www.e-tax.nta.go.jp/topics/topics_281014.htmVendor Advisory
http://www.securityfocus.com/bid/93606Third Party Advisory, VDB Entry
https://jvn.jp/en/jp/JVN63012325/index.htmlThird Party Advisory, VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000207Third Party Advisory, VDB Entry
http://www.e-tax.nta.go.jp/topics/topics_281014.htmVendor Advisory
http://www.securityfocus.com/bid/93606Third Party Advisory, VDB Entry
https://jvn.jp/en/jp/JVN63012325/index.htmlThird Party Advisory, VDB Entry

Timeline

Published: May 22, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-4901?

Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

How severe is CVE-2016-4901?

Severity scoring for CVE-2016-4901 is pending analysis. The EPSS model estimates a 1.53% probability of exploitation in the next 30 days.

How do I fix CVE-2016-4901?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4901?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST