JVNDB-2012-000034

Multiple JustSystems products may insecurely load dynamic libraries

Overview

Multiple JustSystems products may use unsafe methods for determining how to load DLLs.

Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.

Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

JustSystems Corporation
  • Just Jump 4
  • Just School 2010
  • Just School 2009
  • Just School
  • Just Frontier
  • Ichitaro 2011
  • Ichitaro 2010
  • Ichitaro 2009
  • Ichitaro 2008
  • Ichitaro 2007
  • Ichitaro 2006
  • Ichitaro 2011 Sou
  • Ichitaro Government 2010
  • Ichitaro Government 2009
  • Ichitaro Government 2008
  • Ichitaro Government 2007
  • Ichitaro Government 2006
  • Ichitaro Viewer
  • Ichitaro Portable with oreplug
  • oreplug

Impact

Arbitrary code may be executed with the privileges of the running application.

Solution

[Update the software]
Apply the appropriate update according to the information provided by the developer.

Vendor Information

JustSystems Corporation

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2012-1242

References

  1. JVN : JVN#95378720
  2. National Vulnerability Database (NVD) : CVE-2012-1242

Revision History

  • [2012/04/24]
      Web page was published