JVN#32981509
Ichitaro series buffer overflow vulnerability
Overview
The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#50495547.
Products Affected
- Ichitaro Viewer
- Ichitaro 11
- Ichitaro 12
- Ichitaro 13
- Ichitaro 2004
- Ichitaro 2005
- Ichitaro Bungei
- Ichitaro 2006
- Ichitaro Government 2006
- Ichitaro 2007
- Ichitaro Government 2007
- Ichitaro 2007 trial version
- Ichitaro Lite2
- Ichitaro for Linux
Description
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.
Impact
An attacker could execute arbitrary code with the privileges of the user who opened the specially crafted jtd file.
Solution
Update the Software
Apply the update module provided by JustSystems.
Vendor Status
Vendor | Link |
JustSystems Corporation |
http://www.justsystems.com/jp/info/pd7004.html |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.10.25
Measures | Conditions | Severity |
---|---|---|
Access Required | Routed - can be attacked over the Internet using packets |
|
Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
Exploit Complexity | Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia |
JVNDB-2007-000877 |