[Japanese]

JVNDB-2007-000876

Ichitaro series buffer overflow vulnerability

Overview

The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#32981509 and JVN#50495547.

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


JustSystems Corporation
  • Ichitaro 11
  • Ichitaro 12
  • Ichitaro 13
  • Ichitaro 2004
  • Ichitaro 2005
  • Ichitaro 2006
  • Ichitaro 2007
  • Ichitaro for Linux
  • Ichitaro Lite2
  • Ichitaro 2007 trial version
  • Ichitaro Government 2006
  • Ichitaro Government 2007
  • Ichitaro Viewer
  • Ichitaro Bungei

Impact

An attacker could execute arbitrary code with the privileges of the user who opened the specially crafted jtd file.
Solution

Update the Software

Apply the update module provided by JustSystems.
Vendor Information

JustSystems Corporation
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-5687
References

  1. JVN : JVN#29211062
  2. National Vulnerability Database (NVD) : CVE-2007-5687
  3. Secunia Advisory : SA27393
  4. SecurityFocus : 26206
  5. FrSIRT Advisories : FrSIRT/ADV-2007-3623
Revision History

  • [2008/05/21]
      Web page published