[Japanese]

JVNDB-2013-000103

Ichitaro series vulnerable to arbitrary code execution

Overview

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.

For more information, please refer to the developer's website.
CVSS Severity (What is CVSS?)

Base Metrics: 9.3 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products


JustSystems Corporation
  • Ichitaro 2006, Ichitaro Government 2006
  • Ichitaro 2007, Ichitaro Government 2007
  • Ichitaro 2008, Ichitaro Government 2008
  • Ichitaro 2009, Ichitaro Government 2009
  • Ichitaro 2010
  • Ichitaro 2011 Sou / Ichitaro 2011
  • Ichitaro 2012 Shou
  • Ichitaro 2013 Gen Trial Edition
  • Ichitaro Government 6
  • Ichitaro Government 7
  • Ichitaro 2013 Gen
  • Ichitaro Pro
  • Ichitaro Pro 2
  • Ichitaro Pro 2 Trial Edition
  • Ichitaro Government 2010
  • Ichitaro Viewer
  • Ichitaro Portable with oreplug

Impact

When a user opens a specially crafted file, arbitrary code may be executed.
Solution

[Update the software]
Apply the appropriate update module according to the information provided by the developer.
Vendor Information

JustSystems Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-5990
References

  1. JVN : JVN#44999463
  2. National Vulnerability Database (NVD) : CVE-2013-5990
  3. IPA SECURITY ALERTS : Security Alert for Ichitaro series (in Japanese)
  4. @Police : Vulnerability in JustSystems products (in Japanese)
Revision History

[2013/11/12]
  Web page was published
[2013/11/13]
  References : Content was added
[2013/11/15]
  References : Content was added