Vulnerabilites related to justsystems - ichitaro_government_8
CVE-2022-36344 (GCVE-0-2022-36344)
Vulnerability from cvelistv5
Published
2022-08-16 07:03
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unquoted Search Path or Element
Summary
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JustSystems Corporation | JustSystems JUST Online Update for J-License' |
Version: JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JustSystems JUST Online Update for J-License\u0027",
"vendor": "JustSystems Corporation",
"versions": [
{
"status": "affected",
"version": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T07:03:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-36344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JustSystems JUST Online Update for J-License\u0027",
"version": {
"version_data": [
{
"version_value": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
}
]
}
}
]
},
"vendor_name": "JustSystems Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.justsystems.com/jp/corporate/info/js22001.html",
"refsource": "MISC",
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"name": "https://jvn.jp/en/jp/JVN57073973/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-36344",
"datePublished": "2022-08-16T07:03:05",
"dateReserved": "2022-07-22T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35126 (GCVE-0-2023-35126)
Vulnerability from cvelistv5
Published
2023-10-19 16:02
Modified
2025-02-13 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-129 - Improper Validation of Array Index
Summary
An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ichitaro 2023 | Ichitaro 2023 |
Version: 1.0.1.59372 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35126",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:10:44.900753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:12:25.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ichitaro 2023",
"vendor": "Ichitaro 2023",
"versions": [
{
"status": "affected",
"version": "1.0.1.59372"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists within the parsers for both the \"DocumentViewStyles\" and \"DocumentEditStyles\" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T16:05:06.477Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35126",
"datePublished": "2023-10-19T16:02:29.998Z",
"dateReserved": "2023-07-31T21:52:03.187Z",
"dateUpdated": "2025-02-13T16:55:47.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38127 (GCVE-0-2023-38127)
Vulnerability from cvelistv5
Published
2023-10-19 17:00
Modified
2024-09-12 19:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ichitaro 2023 | Ichitaro 2023 |
Version: 1.0.1.59372 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38127",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:06:59.215037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:07:07.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ichitaro 2023",
"vendor": "Ichitaro 2023",
"versions": [
{
"status": "affected",
"version": "1.0.1.59372"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T17:00:06.976Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-38127",
"datePublished": "2023-10-19T17:00:43.288Z",
"dateReserved": "2023-07-17T21:54:43.843Z",
"dateUpdated": "2024-09-12T19:07:07.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34366 (GCVE-0-2023-34366)
Vulnerability from cvelistv5
Published
2023-10-19 17:00
Modified
2024-09-12 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ichitaro 2023 | Ichitaro 2023 |
Version: 1.0.1.59372 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34366",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T18:05:09.536876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:05:25.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ichitaro 2023",
"vendor": "Ichitaro 2023",
"versions": [
{
"status": "affected",
"version": "1.0.1.59372"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T17:00:06.097Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34366",
"datePublished": "2023-10-19T17:00:43.773Z",
"dateReserved": "2023-06-08T15:45:16.455Z",
"dateUpdated": "2024-09-12T18:05:25.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38128 (GCVE-0-2023-38128)
Vulnerability from cvelistv5
Published
2023-10-19 17:00
Modified
2025-02-13 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ichitaro 2023 | Ichitaro 2023 |
Version: 1.0.1.59372 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38128",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:08:18.379467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:08:27.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ichitaro 2023",
"vendor": "Ichitaro 2023",
"versions": [
{
"status": "affected",
"version": "1.0.1.59372"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T17:06:10.274Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
},
{
"name": "https://jvn.jp/en/jp/JVN28846531/index.html",
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-38128",
"datePublished": "2023-10-19T17:00:42.797Z",
"dateReserved": "2023-07-17T22:09:40.438Z",
"dateUpdated": "2025-02-13T17:01:45.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10870 (GCVE-0-2017-10870)
Vulnerability from cvelistv5
Published
2017-11-02 15:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory Corrution vulnerability
Summary
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Justsystem | Rakuraku Hagaki |
Version: Rakuraku Hagaki 2018 Version: Rakuraku Hagaki 2017 Version: Rakuraku Hagaki 2016 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.justsystems.com/jp/info/js17003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rakuraku Hagaki",
"vendor": "Justsystem",
"versions": [
{
"status": "affected",
"version": "Rakuraku Hagaki 2018"
},
{
"status": "affected",
"version": "Rakuraku Hagaki 2017"
},
{
"status": "affected",
"version": "Rakuraku Hagaki 2016"
}
]
},
{
"product": "Rakuraku Hagaki Select for Ichitaro",
"vendor": "Justsystem",
"versions": [
{
"status": "affected",
"version": "Ichitaro 2017"
},
{
"status": "affected",
"version": "Ichitaro 2016"
},
{
"status": "affected",
"version": "Ichitaro 2015"
},
{
"status": "affected",
"version": "Ichitaro Pro3"
},
{
"status": "affected",
"version": "Ichitaro Pro2"
},
{
"status": "affected",
"version": "Ichitaro Pro"
},
{
"status": "affected",
"version": "Ichitaro 2011"
},
{
"status": "affected",
"version": "Ichitaro Government 8"
},
{
"status": "affected",
"version": "Ichitaro Government 7"
},
{
"status": "affected",
"version": "Ichitaro Government 6"
},
{
"status": "affected",
"version": "Ichitaro 2017 Trial version"
}
]
}
],
"datePublic": "2017-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corrution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.justsystems.com/jp/info/js17003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rakuraku Hagaki",
"version": {
"version_data": [
{
"version_value": "Rakuraku Hagaki 2018"
},
{
"version_value": "Rakuraku Hagaki 2017"
},
{
"version_value": "Rakuraku Hagaki 2016"
}
]
}
},
{
"product_name": "Rakuraku Hagaki Select for Ichitaro",
"version": {
"version_data": [
{
"version_value": "Ichitaro 2017"
},
{
"version_value": "Ichitaro 2016"
},
{
"version_value": "Ichitaro 2015"
},
{
"version_value": "Ichitaro Pro3"
},
{
"version_value": "Ichitaro Pro2"
},
{
"version_value": "Ichitaro Pro"
},
{
"version_value": "Ichitaro 2011"
},
{
"version_value": "Ichitaro Government 8"
},
{
"version_value": "Ichitaro Government 7"
},
{
"version_value": "Ichitaro Government 6"
},
{
"version_value": "Ichitaro 2017 Trial version"
}
]
}
}
]
},
"vendor_name": "Justsystem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corrution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU93703434/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
},
{
"name": "https://www.justsystems.com/jp/info/js17003.html",
"refsource": "MISC",
"url": "https://www.justsystems.com/jp/info/js17003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10870",
"datePublished": "2017-11-02T15:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-02 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU93703434/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://www.justsystems.com/jp/info/js17003.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU93703434/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.justsystems.com/jp/info/js17003.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43B95CF5-78D5-491B-90FD-B43002411DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_2017:-:*:*:*:*:*:*:*",
"matchCriteriaId": "551A08CF-E245-44CC-92CF-9BE62A7CACA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E79413C-AA61-4B2B-AFE9-B1F893F156CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F17F103-DC14-4D8B-8A32-CF7ED342ECD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2017:-:*:*:*:*:*:*:*",
"matchCriteriaId": "106BB10B-1A4F-499A-A991-AD00D05C6B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2017_trial_version:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC06A952-DA96-4EC8-9D24-EDA7E165213C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2699F59E-EA1D-4993-A7F2-B38422F22337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67A9CFDA-35F0-4137-BFCA-FFEF838C1F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7EB947-83F9-4A48-91A1-A213740E53F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "242FF195-E6D8-4C22-B03E-00775A8ED5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3E1067-0D4D-4E60-AEDB-0C76BF91A6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_2011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DF91C4-4444-4F6A-9B72-FB4DD490A84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de corrupci\u00f3n de memoria en Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) y Rakuraku Hagaki Select para Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 e Ichitaro 2017 Trial version) permite que atacantes ejecuten c\u00f3digo arbitrario con privilegios de la aplicaci\u00f3n mediante archivos especialmente manipulados."
}
],
"id": "CVE-2017-10870",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-02T15:29:00.243",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.justsystems.com/jp/info/js17003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.justsystems.com/jp/info/js17003.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-19 18:15
Modified
2024-11-21 08:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
"matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de use-after-free en la funcionalidad de an\u00e1lisis de flujo de figuras de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede causar da\u00f1os en la memoria, lo que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario. La v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"id": "CVE-2023-34366",
"lastModified": "2024-11-21T08:07:06.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-19T18:15:08.983",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-16 08:15
Modified
2024-11-21 07:12
Severity ?
Summary
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN57073973/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.justsystems.com/jp/corporate/info/js22001.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN57073973/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.justsystems.com/jp/corporate/info/js22001.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBEAEFCB-0736-49F7-84BD-28EFDC2A1B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CC35F9A9-C574-41F6-92D9-21DF4778FA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "114490A2-2519-4B52-8EBF-3205B43BEFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C4F9F0F1-D994-49B6-BFB8-1BE988C34A52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "57AF9B76-BF5D-488C-BFD5-579F45FAEC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93422705-9E8B-458C-BD72-E82A8A3C0EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FF3254-6391-4794-8B2F-732E670DA678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4854A7-28DA-4672-BEBF-1ECF36D5EB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "700BCC03-72E5-47B8-930C-0AECC317A678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB51BFD-02E3-47AF-B7E5-79CE0976C27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A4C395-A976-4F95-94A6-BCE5E8C9CCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C65FF377-C51D-4174-95E5-E7160DB1A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE5C321-5252-45DC-9B10-492064226821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA0571-93AA-4C4C-8384-813F3210A3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C541F4FC-DC18-40C2-AC6E-F75BC2263229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF2A4C2-ACC8-48A3-BAD0-F69039F2146C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE45593-9017-4672-A9BF-8A1407527357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AADBDD8-139A-4BB4-BE7A-A196ECD1A654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E219D80-8644-42C8-BB17-FFEBA9C21B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255EDA85-DC90-4EA3-AD75-6A6689546CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7520C861-914D-4A5B-BCAA-915EC8A3AB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B44FE5-FA7A-429E-829D-8665B410B82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34657EE8-1D20-442C-9BB8-79629F49E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69D92070-76F9-4C48-AF8E-05EE8217DFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A47BAC-EA81-42ED-942F-C74088122838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2CE912-BD2E-4695-BBA5-896629AA8DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CBEAD9-4C99-413B-B86A-55F36B215113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D49902F6-5022-41D7-998E-8576BFD0A6EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "515D8382-6FAC-4C35-9808-A11AAB0D8C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18193350-CFAB-4B10-B780-E37850E84B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE561614-8D25-4DB9-A9DC-181CF89E2053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805F0FC4-99DE-4632-97C6-AE8A5D0682A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9730B3-CCA6-4E1C-85E0-AEE81E726573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62597837-8FFB-4751-9FFD-D3B92BF1D63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496E0528-FFBB-4093-B1D2-00BFF043328C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21F72319-48C2-4C15-BC62-FD915FB7B9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF722D18-413B-4B71-91B2-2BFF4BE5D948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3FDA20-FEF9-4B55-92D9-1771C985112C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "283E5EF3-85B4-4C6B-A66C-942B09A0B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE8EF38-8E7F-4EA0-9B3F-23D92E252324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F2FD3B-757A-4FBD-9C0A-C71F60BC4CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42BABB84-A671-43B2-A318-914AF524AC36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B47EB7-4D3D-4699-B50A-9315D3EC7860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76EF577E-2E78-491D-AD89-5653FBCEC882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "071CC61D-BE9B-43FA-8634-F575BAC03A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B8F588-4330-4824-9110-06C1F8B9B940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*",
"matchCriteriaId": "DCF334E4-9B44-4B17-9A9B-D3275D838905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BAF18F-249C-40A8-AB11-F8923693CAC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF24ADD-AB6F-41C1-840E-3762DEA568A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B3AB93-B50E-4039-936D-7FCE01721546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C96D8CFF-16AC-4108-B80F-F6D8E62288C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977D9558-0027-40E6-A0C3-9111778C9D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3660905-7806-419A-AA02-9C4C996261A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9C3D7C-ABD8-41A2-A8DD-F779FC2491B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBA3971-6F84-4C55-8D2D-F88C522838F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7173644D-36CE-436D-8CCC-AAB639752891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5603C6-F40A-4C1E-BE21-5B795B290446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E4E275-8B0A-4246-B18C-443A43A4D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A21C2845-08A6-47AC-BF04-661EFD6496DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA45543-4571-46DC-B7DC-998622269E17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ruta de b\u00fasqueda no citada en \"JustSystems JUST Online Update for J-License\" incluido en m\u00faltiples productos para usuarios corporativos como en Ichitaro a trav\u00e9s de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. Los productos afectados est\u00e1n incluidos en las siguientes series de productos: Office y Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump y Tri-De DetaProtect."
}
],
"id": "CVE-2022-36344",
"lastModified": "2024-11-21T07:12:49.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-16T08:15:09.157",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-19 17:15
Modified
2024-11-21 08:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825 | Exploit, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
"matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists within the parsers for both the \"DocumentViewStyles\" and \"DocumentEditStyles\" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites dentro de los analizadores para las secuencias \"DocumentViewStyles\" y \"DocumentEditStyles\" de Ichitaro 2023 1.0.1.59372 al procesar los tipos 0x0000-0x0009 de un registro de estilo con el tipo 0x2008. Un documento especialmente manipulado puede provocar da\u00f1os en la memoria, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-35126",
"lastModified": "2024-11-21T08:07:59.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-19T17:15:10.000",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-19 18:15
Modified
2024-11-21 08:12
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
"matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites en el analizador de flujo \"HyperLinkFrame\" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede causar confusi\u00f3n de tipos, lo que puede provocar da\u00f1os en la memoria y, finalmente, la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-38128",
"lastModified": "2024-11-21T08:12:55.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-19T18:15:09.560",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-19 18:15
Modified
2024-11-21 08:12
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
"matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe un desbordamiento de enteros en el analizador de flujo \"HyperLinkFrame\" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede hacer que el analizador realice una asignaci\u00f3n de tama\u00f1o insuficiente, lo que posteriormente puede permitir la corrupci\u00f3n de la memoria, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-38127",
"lastModified": "2024-11-21T08:12:54.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-19T18:15:09.467",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28846531/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}