[Japanese]

JVNDB-2014-000131

Ichitaro series vulnerable to arbitrary code execution

Overview

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.

For more information, please refer to the developer's website.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 9.3 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


JustSystems Corporation
  • Ichitaro 2008, Ichitaro Government 2008
  • Ichitaro 2009, Ichitaro Government 2009
  • Ichitaro 2010, Ichitaro Government 2010
  • Ichitaro 2011 Sou / Ichitaro 2011
  • Ichitaro 2012 Shou
  • Ichitaro 2013 Gen
  • Ichitaro 2014 Tetsu
  • Ichitaro 2014 Tetsu Trial Edition
  • Ichitaro Government 6
  • Ichitaro Government 7
  • Ichitaro Pro
  • Ichitaro Pro 2
  • Ichitaro Pro 2 Trial Edition

Impact

When a user opens a specially crafted file, arbitrary code may be executed.
Solution

[Update the software]
Apply the appropriate update module according to the information provided by the developer.
Vendor Information

JustSystems Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-7247
References

  1. JVN : JVN#16318793
  2. National Vulnerability Database (NVD) : CVE-2014-7247
  3. IPA SECURITY ALERTS : Security Alert for Ichitaro series vulnerable to arbitrary code execution (JVN#16318793) (in Japanese)
Revision History

  • [2014/11/13]
      Web page was published
    [2014/11/27]
      References : Content was added