CVE-2024-47045

7.8 HIGH

📋 TL;DR

This CVE describes a privilege escalation vulnerability in the e-Tax software installer where an attacker can plant a malicious DLL that gets executed with elevated privileges during installation. This affects users of Japan's e-Tax tax filing software who run the installer with administrative rights. The vulnerability allows local attackers to gain higher privileges on the system.

💻 Affected Systems

Products:
  • e-Tax software (common program)
Versions: Versions prior to the September 2024 update
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the installer component. Users typically run tax software installers with administrative privileges during tax season.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an attacker gains SYSTEM/administrator privileges, installs persistent malware, steals sensitive data, or disables security controls.

🟠 Likely Case

Local privilege escalation allowing attackers to install additional malware, modify system configurations, or access restricted files and resources.

🟢 If Mitigated

Limited impact if users run installers with standard user privileges and have application control/whitelisting in place.

🌐 Internet-Facing: LOW - This is a local privilege escalation that requires the attacker to have local access or to trick a user into running a malicious installer.
🏢 Internal Only: MEDIUM - Internal attackers with standard user access could exploit this to gain administrative privileges on workstations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and the ability to place a malicious DLL in a specific location. User interaction is needed to run the installer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated version released September 2024

Vendor Advisory: https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm

Restart Required: Yes

Instructions:

  1. Download latest e-Tax software from official NTA website.
  2. Uninstall previous version.
  3. Install updated version.
  4. Restart system.

🔧 Temporary Workarounds

Run installer with standard user privileges (Windows)

Install e-Tax software using a standard user account instead of an administrator account when possible.

Enable DLL signature enforcement (Windows)

Configure Windows to load only signed DLLs, using a policy that enforces DLL signatures.

🧯 If You Can't Patch

  • Restrict installer execution to trusted administrators only
  • Implement application control/whitelisting to prevent unauthorized DLL execution

🔍 How to Verify

Check if Vulnerable:

Check the e-Tax software version. If the version predates the September 2024 update, the system is vulnerable.

Check Version:

Check e-Tax program properties or About section within the application

Verify Fix Applied:

Verify that the e-Tax software version matches the latest release from the NTA website and check that the installation date is after September 24, 2024.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DLL loading during e-Tax installation
  • Process creation with unexpected parent-child relationships
  • Installation logs showing DLL loading from unusual paths

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

Process Creation where (ParentImage contains "e-tax" OR Image contains "e-tax") AND CommandLine contains "dll"
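
The log indicators above concern DLL loads, which process-creation events do not record. The following is an added example, not code from this page or from the vendor, that applies the same "e-tax" match to Sysmon Event ID 7 (image load) records. It assumes the records are already exported as dictionaries with Sysmon's Image, ImageLoaded, Signed and SignatureStatus fields; the installer file name, user name and all paths are constructed placeholders.

```python
from ntpath import normcase, normpath

# Assumed trusted system directories; adjust to the host's actual layout.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

def is_trusted_dir(path):
    """True if the normalised Windows path lies under a trusted system directory."""
    p = normcase(normpath(path))  # lower-cases and collapses ".." segments
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)

def suspicious_loads(events, process_marker="e-tax"):
    """Return DLL paths that a process matching process_marker loaded from outside
    the trusted directories without a valid signature (Sysmon Event ID 7)."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:  # image-load events only
            continue
        if process_marker not in ev.get("Image", "").lower():
            continue
        loaded = ev.get("ImageLoaded", "")
        signed_ok = (ev.get("Signed", "").lower() == "true"
                     and ev.get("SignatureStatus") == "Valid")
        if not signed_ok and not is_trusted_dir(loaded):
            hits.append(loaded)
    return hits

# Constructed sample records; the installer name and all paths are placeholders.
INSTALLER = r"C:\Users\user1\Downloads\e-tax-installer-PLACEHOLDER.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": INSTALLER, "Signed": "true", "SignatureStatus": "Valid",
     "ImageLoaded": r"C:\Windows\System32\constructed_system.dll"},
    {"EventID": 7, "Image": INSTALLER, "Signed": "false", "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Users\user1\Downloads\constructed_example.dll"},
    {"EventID": 7, "Image": r"C:\Program Files\Other\app.exe", "Signed": "false",
     "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Users\user1\Downloads\constructed_other.dll"},
    {"EventID": 1, "Image": INSTALLER, "CommandLine": INSTALLER},
]

if __name__ == "__main__":
    for dll in suspicious_loads(SAMPLE_EVENTS):
        print("review:", dll)
```

Sysmon records image loads only when its configuration enables ImageLoad logging, so this check needs that rule in place before the installer runs.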
