|
[Japanese]
|
JVNDB-2009-000018
|
Ichitaro series buffer overflow vulnerability
|
|
The "Ichitaro" series word processing software contains a buffer overflow vulnerability.
This vulnerability is different from JVN#29211062, JVN#32981509 and JVN#50495547.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of the user.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
JustSystems Corporation
- Ichitaro 2009
- Ichitaro Government 2009
- Ichitaro 2009 trial version
- Ichitaro 2008
- Ichitaro Government 2008
- Ichitaro 2007
- Ichitaro Government 2007
- Ichitaro 2006
- Ichitaro Government 2006
- Ichitaro 2005
- Ichitaro Bungei
- Ichitaro 2004
- Ichitaro 13
- Ichitaro Viewer 2009 version 19.0.1.0 and earlier
|
|
|
An attacker could execute arbitrary code with the privileges of the user.
|
|
[Update the Software]
Apply the update module provided by JustSystems.
|
|
JustSystems Corporation
|
|
- Buffer Errors(CWE-119) [IPA Evaluation]
|
|
- CVE-2009-4737
|
|
- JVN : JVN#33846134
- National Vulnerability Database (NVD) : CVE-2009-4737
- IPA SECURITY ALERTS : Security Alert for Security Vulnerability in the Ichitaro Series
- Secunia Advisory : SA34611
- SecurityFocus : 34403
- ISS X-Force Database : 49739
- VUPEN Security : VUPEN/ADV-2009-0957
- OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 53349
|
|
- [2010/03/23]
Web page published
|
