Multiple JustSystems products vulnerable to buffer overflow


Multiple JustSystems products are vulnerable to buffer overflow.

Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file.

Multiple products are affected by this vulnerability.
For details, see the information provided by JustSystems.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

JustSystems Corporation
  • Ichitaro and other software


If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code can be executed with the privilege of the user.

The solutions and workarounds vary depending on the products. For more information, refer to the vendor's website.
Vendor Information

JustSystems Corporation
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2008-0223

  1. JVN : JVN#08237857
  2. National Vulnerability Database (NVD) : CVE-2008-0223
  3. IPA SECURITY ALERTS : Security Alert for Vulnerability in Multiple JustSystems Products
  4. Fourteenforty Released Advisory : FFRRA-20080107
  5. Secunia Advisory : SA28275
  6. SecurityFocus : 27153
  7. ISS X-Force Database : 39501
  8. FrSIRT Advisories : FrSIRT/ADV-2008-0045
Revision History

  • [2008/05/21]
      Web page published