Published:2014/01/28 Last Updated:2014/01/28
JVN#28011378
Sanshiro Series vulnerable to arbitrary code execution
Overview
The "Sanshiro" series software provided by JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
Products Affected
- Sanshiro 2010
- Sanshiro 2009
- Sanshiro 2008
- Sanshiro 2007
- Sanshiro Viewer
Description
The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution.
Impact
When a user opens a specially crafted file, arbitrary code may be executed.
Solution
Update the software
Apply the appropriate update module according to the information provided by the developer.
Vendor Status
Vendor | Link |
JustSystems Corporation | [JS14001] Vulnerability in Sanshiro may allow arbitrary code execution |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2014.01.28
Measures | Conditions | Severity |
---|---|---|
Access Required | can be attacked over the Internet using packets |
|
Authentication | anonymous or no authentication (IP addresses do not count) |
|
User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2014-0810 |
JVN iPedia |
JVNDB-2014-000011 |