[Japanese]

JVNDB-2005-000775

Vulnerability involving security zone handling in applications using Internet Explorer components

Overview

Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content.

As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the "Intranet" zone.

However, we have confirmed that some applications using IE components may process web content in an inappropriate zone.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


JustSystems Corporation
  • NETA's Seed before 2005.07.12
YMIRLINK Inc.
  • Paper 2001 ver1.9 and ealier
  • Paper copi ver2.37 and ealier
Hitachi Software Engineering Co.,Ltd
  • DNASIS Pro V1.0,V2.0,V2.2,V2.2.3,V2.2.5,V2.6,V2.6.1,V2.6.3
FUJITSU
  • ATLAS
  • ATLAS Translation (server)
  • ATLAS Translation (personal)
  • BizLingo
  • ES@SCHOOL
  • Japanist
  • SIMPLIA/JF ClientMate
  • SIMPLIA/TF-WebTest
  • Hiragana Navi
  • Rakuraku Browser
  • Rakuraku Mail
  • Translation Surfin

Impact

Arbitrary code could be executed in a zone with a low security level on a user's computer. This may allow a remote attacker to take complete control of the user's computer.
Solution

Vendor Information

JustSystems Corporation
  • JUST SYSTEM : pd5001 (Japanese)
YMIRLINK Inc. Hitachi Software Engineering Co.,Ltd FUJITSU
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#257C6F28
Revision History

  • [2008/05/21]
      Web page published
    [2010/10/12]
      Vendor Information : Added Hitachi Software Engineering Co.,Ltd (iezone_issue).

Date Public2005/07/12
Date First Published2008/05/21
Date Last Updated2010/10/12