Vulnerabilites related to justsystem - ichitaro
CVE-2007-6436 (GCVE-0-2007-6436)
Vulnerability from cvelistv5
Published
2007-12-18 20:00
Modified
2024-08-07 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:37.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/39395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99"
},
{
"name": "justsystems-jsgci-bo(39025)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39025"
},
{
"name": "ADV-2007-4213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4213"
},
{
"name": "27992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/39395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99"
},
{
"name": "justsystems-jsgci-bo(39025)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39025"
},
{
"name": "ADV-2007-4213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4213"
},
{
"name": "27992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39395",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39395"
},
{
"name": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99",
"refsource": "MISC",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99"
},
{
"name": "justsystems-jsgci-bo(39025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39025"
},
{
"name": "ADV-2007-4213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4213"
},
{
"name": "27992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6436",
"datePublished": "2007-12-18T20:00:00",
"dateReserved": "2007-12-18T00:00:00",
"dateUpdated": "2024-08-07T16:02:37.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6400 (GCVE-0-2006-6400)
Vulnerability from cvelistv5
Published
2006-12-10 02:00
Modified
2024-08-07 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#47272891",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"name": "1017336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017336"
},
{
"name": "ADV-2006-4857",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"name": "21445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21445"
},
{
"name": "23185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#47272891",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"name": "1017336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017336"
},
{
"name": "ADV-2006-4857",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"name": "21445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21445"
},
{
"name": "23185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#47272891",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"name": "http://www.justsystem.co.jp/info/pd6005.html",
"refsource": "CONFIRM",
"url": "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"name": "1017336",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017336"
},
{
"name": "ADV-2006-4857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4857"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"name": "21445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21445"
},
{
"name": "23185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6400",
"datePublished": "2006-12-10T02:00:00",
"dateReserved": "2006-12-09T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5424 (GCVE-0-2006-5424)
Vulnerability from cvelistv5
Published
2006-10-20 17:00
Modified
2024-08-07 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than CVE-2006-4326.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20610"
},
{
"name": "ichitaro-unspecified-bo(29654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29654"
},
{
"name": "JVN#90815371",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2390815371/index.html"
},
{
"name": "ADV-2006-4092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4092"
},
{
"name": "22386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.justsystem.co.jp/info/pd6004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than CVE-2006-4326."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20610"
},
{
"name": "ichitaro-unspecified-bo(29654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29654"
},
{
"name": "JVN#90815371",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2390815371/index.html"
},
{
"name": "ADV-2006-4092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4092"
},
{
"name": "22386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.justsystem.co.jp/info/pd6004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than CVE-2006-4326."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20610"
},
{
"name": "ichitaro-unspecified-bo(29654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29654"
},
{
"name": "JVN#90815371",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2390815371/index.html"
},
{
"name": "ADV-2006-4092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4092"
},
{
"name": "22386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22386"
},
{
"name": "http://www.justsystem.co.jp/info/pd6004.html",
"refsource": "CONFIRM",
"url": "http://www.justsystem.co.jp/info/pd6004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5424",
"datePublished": "2006-10-20T17:00:00",
"dateReserved": "2006-10-20T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0223 (GCVE-0-2008-0223)
Vulnerability from cvelistv5
Published
2008-01-10 23:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019168"
},
{
"name": "27153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.justsystems.com/jp/info/pd8001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107"
},
{
"name": "28275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28275"
},
{
"name": "ADV-2008-0045",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0045"
},
{
"name": "justsystems-jsfc-bo(39501)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39501"
},
{
"name": "JVN#08237857",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2308237857/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019168"
},
{
"name": "27153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.justsystems.com/jp/info/pd8001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107"
},
{
"name": "28275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28275"
},
{
"name": "ADV-2008-0045",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0045"
},
{
"name": "justsystems-jsfc-bo(39501)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39501"
},
{
"name": "JVN#08237857",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2308237857/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019168",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019168"
},
{
"name": "27153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27153"
},
{
"name": "http://www.justsystems.com/jp/info/pd8001.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/pd8001.html"
},
{
"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107",
"refsource": "MISC",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107"
},
{
"name": "28275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28275"
},
{
"name": "ADV-2008-0045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0045"
},
{
"name": "justsystems-jsfc-bo(39501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39501"
},
{
"name": "JVN#08237857",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2308237857/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0223",
"datePublished": "2008-01-10T23:00:00",
"dateReserved": "2008-01-10T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5687 (GCVE-0-2007-5687)
Vulnerability from cvelistv5
Published
2007-10-28 16:00
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "justsystems-jstar04-bo(38130)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"
},
{
"name": "26206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26206"
},
{
"name": "27393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"
},
{
"name": "JVN#50495547",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2350495547/index.html"
},
{
"name": "JVN#29211062",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2329211062/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"
},
{
"name": "39394",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.justsystems.com/jp/info/pd7004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"
},
{
"name": "justsystems-tjsvda-bo(38129)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"
},
{
"name": "ADV-2007-3623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3623"
},
{
"name": "JVN#32981509",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2332981509/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "justsystems-jstar04-bo(38130)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"
},
{
"name": "26206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26206"
},
{
"name": "27393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"
},
{
"name": "JVN#50495547",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2350495547/index.html"
},
{
"name": "JVN#29211062",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2329211062/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"
},
{
"name": "39394",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.justsystems.com/jp/info/pd7004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"
},
{
"name": "justsystems-tjsvda-bo(38129)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"
},
{
"name": "ADV-2007-3623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3623"
},
{
"name": "JVN#32981509",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2332981509/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "justsystems-jstar04-bo(38130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"
},
{
"name": "26206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26206"
},
{
"name": "27393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27393"
},
{
"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2",
"refsource": "MISC",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"
},
{
"name": "JVN#50495547",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2350495547/index.html"
},
{
"name": "JVN#29211062",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2329211062/index.html"
},
{
"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3",
"refsource": "MISC",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"
},
{
"name": "39394",
"refsource": "OSVDB",
"url": "http://osvdb.org/39394"
},
{
"name": "http://www.justsystems.com/jp/info/pd7004.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/pd7004.html"
},
{
"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1",
"refsource": "MISC",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"
},
{
"name": "justsystems-tjsvda-bo(38129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"
},
{
"name": "ADV-2007-3623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3623"
},
{
"name": "JVN#32981509",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2332981509/index.html"
},
{
"name": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5687",
"datePublished": "2007-10-28T16:00:00",
"dateReserved": "2007-10-28T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4326 (GCVE-0-2006-4326)
Vulnerability from cvelistv5
Published
2006-08-24 01:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21552"
},
{
"name": "ADV-2006-3332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3332"
},
{
"name": "ichitaro-document-bo(28484)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28484"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99"
},
{
"name": "19550",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.justsystem.co.jp/info/pd6002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21552"
},
{
"name": "ADV-2006-3332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3332"
},
{
"name": "ichitaro-document-bo(28484)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28484"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99"
},
{
"name": "19550",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.justsystem.co.jp/info/pd6002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21552"
},
{
"name": "ADV-2006-3332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3332"
},
{
"name": "ichitaro-document-bo(28484)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28484"
},
{
"name": "http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html"
},
{
"name": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99"
},
{
"name": "19550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19550"
},
{
"name": "http://www.justsystem.co.jp/info/pd6002.html",
"refsource": "CONFIRM",
"url": "http://www.justsystem.co.jp/info/pd6002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4326",
"datePublished": "2006-08-24T01:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4246 (GCVE-0-2007-4246)
Vulnerability from cvelistv5
Published
2007-08-08 23:00
Modified
2024-08-07 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html"
},
{
"name": "justsystems-unspecified-code-execution(35822)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35822"
},
{
"name": "ADV-2007-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2780"
},
{
"name": "25187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99"
},
{
"name": "39393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.justsystem.co.jp/info/pd7003.html"
},
{
"name": "26317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26317"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html"
},
{
"name": "justsystems-unspecified-code-execution(35822)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35822"
},
{
"name": "ADV-2007-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2780"
},
{
"name": "25187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99"
},
{
"name": "39393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.justsystem.co.jp/info/pd7003.html"
},
{
"name": "26317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26317"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html"
},
{
"name": "justsystems-unspecified-code-execution(35822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35822"
},
{
"name": "ADV-2007-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2780"
},
{
"name": "25187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25187"
},
{
"name": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99",
"refsource": "MISC",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99"
},
{
"name": "39393",
"refsource": "OSVDB",
"url": "http://osvdb.org/39393"
},
{
"name": "http://www.justsystem.co.jp/info/pd7003.html",
"refsource": "CONFIRM",
"url": "http://www.justsystem.co.jp/info/pd7003.html"
},
{
"name": "26317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26317"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4246",
"datePublished": "2007-08-08T23:00:00",
"dateReserved": "2007-08-08T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-12-18 20:46
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/27992 | Vendor Advisory | |
| cve@mitre.org | http://www.osvdb.org/39395 | ||
| cve@mitre.org | http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4213 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/39025 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/39395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4213 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/39025 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | ichitaro | 2005 | |
| justsystem | ichitaro | 2006 | |
| justsystem | ichitaro | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A56FB56C-D890-423B-8021-7F07D143522F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en JSGCI.DLL en JustSystems Ichitaro 2005, 2006, y 2007 permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de documentos manipulados, c\u00f3mo es activamente explotado en Diciembre 2007 por el troyano Tarodrop.F. NOTA: algunos de estos detalles se obtuvieron de una tercera fuente de informaci\u00f3n."
}
],
"id": "CVE-2007-6436",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-18T20:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27992"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/39395"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4213"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/39395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-20 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than CVE-2006-4326.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://jvn.jp/jp/JVN%2390815371/index.html | ||
| cve@mitre.org | http://secunia.com/advisories/22386 | Vendor Advisory | |
| cve@mitre.org | http://www.justsystem.co.jp/info/pd6004.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/20610 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/4092 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/29654 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2390815371/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22386 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.justsystem.co.jp/info/pd6004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20610 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4092 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/29654 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | ichitaro | 2006 | |
| justsystem | ichitaro | 2006_government_edition | |
| justsystem | ichitaro | 2006_trial_edition |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006_government_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "5423BEFF-4CE7-4A76-85D8-5D47ABA9C73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006_trial_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "F8254332-81D6-456A-8D72-CDFA4B73B912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than CVE-2006-4326."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Justsystem Ichitaro 2006, 2006 trial version, y Government 2006 permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento modificado, posiblemente a causa de un desbordamiento de b\u00fafer, una vulnerabilidad diferentes que CVE-2006-4326."
}
],
"id": "CVE-2006-5424",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-10-20T17:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2390815371/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22386"
},
{
"source": "cve@mitre.org",
"url": "http://www.justsystem.co.jp/info/pd6004.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20610"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4092"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2390815371/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.justsystem.co.jp/info/pd6004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29654"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-10 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://jvn.jp/jp/JVN%2347272891/index.html | ||
| cve@mitre.org | http://secunia.com/advisories/23185 | Vendor Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1017336 | ||
| cve@mitre.org | http://www.justsystem.co.jp/info/pd6005.html | ||
| cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/21445 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/4857 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2347272891/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017336 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.justsystem.co.jp/info/pd6005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21445 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4857 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | hanako | 2004 | |
| justsystem | hanako | 2005 | |
| justsystem | hanako | 2006 | |
| justsystem | hanako_viewer | 1.0 | |
| justsystem | ichitaro | * | |
| justsystem | ichitaro | 2005 | |
| justsystem | ichitaro | 2006 | |
| justsystem | ichitaro_lite2 | * | |
| justsystem | ichitaro_lite2 | r2 | |
| justsystem | ichitaro_viewer | 4.0 | |
| justsystem | sanshiro | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:hanako:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "D22E31AB-74A8-4D04-8521-DEC6DB3B7066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:hanako:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0AD3D7-4820-4C3F-8DF1-2DF8D85AEE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:hanako:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "1728BCEE-65F2-4299-B349-62021526E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:hanako_viewer:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF80BE6-E275-4C93-8BA4-26345671E97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1ECAAA-9317-420F-B672-6B313C5307AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro_lite2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A939CD-2BB7-490A-A6DA-F77DB0412BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro_lite2:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE065F3B-C67C-483D-AE21-D37AD3E7A10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro_viewer:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CC6690-2E3C-4891-820E-4E51128A1DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:sanshiro:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "1B362B4E-6D2E-40CB-B297-1F24B4B2CBD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en JustSystems Hanako 2004 hasta 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, y Sanshiro 2005 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante los campos (1) Keyword y (2) Title, relativos a campos de longitud de cadenas."
}
],
"id": "CVE-2006-6400",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-10T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23185"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017336"
},
{
"source": "cve@mitre.org",
"url": "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21445"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4857"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-28 17:08
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://jvn.jp/jp/JVN%2329211062/index.html | ||
| cve@mitre.org | http://jvn.jp/jp/JVN%2332981509/index.html | ||
| cve@mitre.org | http://jvn.jp/jp/JVN%2350495547/index.html | ||
| cve@mitre.org | http://osvdb.org/39394 | ||
| cve@mitre.org | http://secunia.com/advisories/27393 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1 | ||
| cve@mitre.org | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2 | ||
| cve@mitre.org | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3 | ||
| cve@mitre.org | http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html | ||
| cve@mitre.org | http://www.justsystems.com/jp/info/pd7004.html | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/26206 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3623 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38129 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38130 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2329211062/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2332981509/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2350495547/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/39394 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27393 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.justsystems.com/jp/info/pd7004.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26206 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3623 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38129 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38130 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | ichitaro | 11.0 | |
| justsystem | ichitaro | 12.0 | |
| justsystem | ichitaro | 13.0 | |
| justsystem | ichitaro | 2004 | |
| justsystem | ichitaro | 2005 | |
| justsystem | ichitaro | 2006 | |
| justsystem | ichitaro | linux | |
| justsystem | ichitaro | lite2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A39F16-968A-48E9-907F-36133B6775D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC262B5-28BE-4EC6-89CC-B013A15CB10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72EFC88E-B6D1-4B8A-ADDD-5B2EF6523FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AF08B2B3-8387-4A91-8866-4C9555901D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:linux:*:*:*:*:*:*:*",
"matchCriteriaId": "D42AF9B5-D9C7-435B-8FE7-B2DB39CDACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:lite2:*:*:*:*:*:*:*",
"matchCriteriaId": "D47648C1-CF81-4C0E-91DE-0773C13AA4D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de procesamiento de texto enriquecido en el JustSystems Ichitaro 2004 hasta el 2007, el 11 hasta el 13 y otras versiones, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la inserci\u00f3n de (1) un largo en el par\u00e1metro pard o (2) un nombre de fuente largo en el campo fcharset0, lo que no es correctamente manejado en el (a) JSTARO4.OCX; o (3) un t\u00edtulo largo, lo que no es correctamente manejado por el (b) TJSVDA.DLL."
}
],
"id": "CVE-2007-5687",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-28T17:08:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2329211062/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2332981509/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2350495547/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39394"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27393"
},
{
"source": "cve@mitre.org",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"
},
{
"source": "cve@mitre.org",
"url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.justsystems.com/jp/info/pd7004.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26206"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3623"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2329211062/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2332981509/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2350495547/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.justsystems.com/jp/info/pd7004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-08 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/39393 | ||
| cve@mitre.org | http://secunia.com/advisories/26317 | Vendor Advisory | |
| cve@mitre.org | http://www.justsystem.co.jp/info/pd7003.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/25187 | ||
| cve@mitre.org | http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html | ||
| cve@mitre.org | http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2780 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35822 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/39393 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26317 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.justsystem.co.jp/info/pd7003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25187 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2780 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35822 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | ichitaro | 2007 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A56FB56C-D890-423B-8021-7F07D143522F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada, posiblemente un desbordamiento de b\u00fafer, en Justsystem Ichitaro 2007 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un documento modificado, como el explotado activamente en Agosto de 2007 por malware tal como Tarodrop.D (Tarodrop.Q), una vulnerabilidad diferente que CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, y CVE-2007-1938."
}
],
"id": "CVE-2007-4246",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-08T23:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39393"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26317"
},
{
"source": "cve@mitre.org",
"url": "http://www.justsystem.co.jp/info/pd7003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25187"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2780"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.justsystem.co.jp/info/pd7003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2007/08/unknown_exploit_compromises_ic.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2007-080210-4815-99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-24 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/21552 | Vendor Advisory | |
| cve@mitre.org | http://www.justsystem.co.jp/info/pd6002.html | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/19550 | ||
| cve@mitre.org | http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html | ||
| cve@mitre.org | http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/3332 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28484 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21552 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.justsystem.co.jp/info/pd6002.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3332 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28484 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | formliner | * | |
| justsystem | ichitaro | 9.0 | |
| justsystem | ichitaro | 10.0 | |
| justsystem | ichitaro | 11.0 | |
| justsystem | ichitaro | 12.0 | |
| justsystem | ichitaro | 13.0 | |
| justsystem | ichitaro | 2004 | |
| justsystem | ichitaro | 2005 | |
| justsystem | ichitaro | 2006 | |
| justsystem | ichitaro_government | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:formliner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1271BA13-118F-45C5-ADCD-845AF16727D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "042BB9E2-6536-4BA0-804C-530EF548E387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D0935F-D5F8-4D95-A483-036660B498F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A39F16-968A-48E9-907F-36133B6775D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC262B5-28BE-4EC6-89CC-B013A15CB10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72EFC88E-B6D1-4B8A-ADDD-5B2EF6523FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AF08B2B3-8387-4A91-8866-4C9555901D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro_government:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "957BEBB5-8DAD-427A-936D-6AB1362B33AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Justsystem Ichitaro 9.x hasta 13.x, Ichitaro 2004, 2005, 2006, y Government 2006; Ichitaro para Linux; y FormLiner anterior al 18/08/2006 permite a ataacntes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante cadenas Unicode largas en un documento manipulado, tal y como est\u00e1 siendo explotado activamente por software malicioso como Trojan.Tarodrop. NOTA: algunos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2006-4326",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-24T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21552"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.justsystem.co.jp/info/pd6002.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19550"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3332"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.justsystem.co.jp/info/pd6002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28484"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-10 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://jvn.jp/jp/JVN%2308237857/index.html | ||
| cve@mitre.org | http://secunia.com/advisories/28275 | Vendor Advisory | |
| cve@mitre.org | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107 | ||
| cve@mitre.org | http://www.justsystems.com/jp/info/pd8001.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/27153 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1019168 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0045 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/39501 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2308237857/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28275 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.justsystems.com/jp/info/pd8001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27153 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019168 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/39501 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| justsystem | ichitaro | 11.0 | |
| justsystem | ichitaro | 12.0 | |
| justsystem | ichitaro | 13.0 | |
| justsystem | ichitaro | 2004 | |
| justsystem | ichitaro | 2005 | |
| justsystem | ichitaro | 2006 | |
| justsystem | ichitaro | 2007 | |
| justsystem | ichitaro | linux | |
| justsystem | ichitaro_lite2 | * | |
| justsystem | ichitaro_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A39F16-968A-48E9-907F-36133B6775D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC262B5-28BE-4EC6-89CC-B013A15CB10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72EFC88E-B6D1-4B8A-ADDD-5B2EF6523FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AF08B2B3-8387-4A91-8866-4C9555901D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A56FB56C-D890-423B-8021-7F07D143522F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro:linux:*:*:*:*:*:*:*",
"matchCriteriaId": "D42AF9B5-D9C7-435B-8FE7-B2DB39CDACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro_lite2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A939CD-2BB7-490A-A6DA-F77DB0412BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystem:ichitaro_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5B0B5-C192-4CF6-B3D0-B2C234DDA1D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en JustSystems en la biblioteca JSFC.DLL, como es usado en varios productos de JustSystems como Ichitaro, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo .JTD especialmente dise\u00f1ado."
}
],
"id": "CVE-2008-0223",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-10T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2308237857/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28275"
},
{
"source": "cve@mitre.org",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107"
},
{
"source": "cve@mitre.org",
"url": "http://www.justsystems.com/jp/info/pd8001.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27153"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019168"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0045"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2308237857/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.justsystems.com/jp/info/pd8001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39501"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}