[Japanese]

JVNDB-2008-000001

Multiple JustSystems products vulnerable to buffer overflow

Overview

Multiple JustSystems products are vulnerable to buffer overflow.

Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file.

Multiple products are affected by this vulnerability.
For details, see the information provided by JustSystems.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


JustSystems Corporation
  • Ichitaro and other software

Impact

If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code can be executed with the privilege of the user.
Solution

The solutions and workarounds vary depending on the products. For more information, refer to the vendor's website.
Vendor Information

JustSystems Corporation
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2008-0223
References

  1. JVN : JVN#08237857
  2. National Vulnerability Database (NVD) : CVE-2008-0223
  3. IPA SECURITY ALERTS : Security Alert for Vulnerability in Multiple JustSystems Products
  4. Fourteenforty Released Advisory : FFRRA-20080107
  5. Secunia Advisory : SA28275
  6. SecurityFocus : 27153
  7. ISS X-Force Database : 39501
  8. FrSIRT Advisories : FrSIRT/ADV-2008-0045
Revision History

  • [2008/05/21]
      Web page published