CVE-2018-0580

Name: CVE-2018-0580
Creator: NVD / NIST
Published: 2018-05-14T13:29:01.57+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.11%

Last modified Jun 17, 2026

CVE-2018-0580 is a vulnerability of currently unknown severity. Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.. EPSS estimates a 2.11% chance of exploitation in the next 30 days.

Description

Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Metrics

EPSS Probability

2.11%

79.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-426

Affected Software

Vendor	Product	Versions
Celsys	Clip Studio Action	<= 1.5.5
Celsys	Clip Studio Modeler	<= 1.6.3
Celsys	Clip Studio Paint	<= 1.7.3

References

http://www.clipstudio.net/en/dlVendor Advisory
https://jvn.jp/en/jp/JVN68345747/Third Party Advisory, VDB Entry
https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_winVendor Advisory
http://www.clipstudio.net/en/dlVendor Advisory
https://jvn.jp/en/jp/JVN68345747/Third Party Advisory, VDB Entry
https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_winVendor Advisory

Timeline

Published: May 14, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-0580?

How severe is CVE-2018-0580?

Severity scoring for CVE-2018-0580 is pending analysis. The EPSS model estimates a 2.11% probability of exploitation in the next 30 days.

How do I fix CVE-2018-0580?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0580?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST