Ichitaro series buffer overflow vulnerability


The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#32981509 and JVN#50495547.

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

JustSystems Corporation
  • Ichitaro 11
  • Ichitaro 12
  • Ichitaro 13
  • Ichitaro 2004
  • Ichitaro 2005
  • Ichitaro 2006
  • Ichitaro 2007
  • Ichitaro for Linux
  • Ichitaro Lite2
  • Ichitaro 2007 trial version
  • Ichitaro Government 2006
  • Ichitaro Government 2007
  • Ichitaro Viewer
  • Ichitaro Bungei


An attacker could execute arbitrary code with the privileges of the user who opened the specially crafted jtd file.

Update the Software

Apply the update module provided by JustSystems.
Vendor Information

JustSystems Corporation
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-5687

  1. JVN : JVN#29211062
  2. National Vulnerability Database (NVD) : CVE-2007-5687
  3. Secunia Advisory : SA27393
  4. SecurityFocus : 26206
  5. FrSIRT Advisories : FrSIRT/ADV-2007-3623
Revision History

  • [2008/05/21]
      Web page published