JVN#57040664
ATOK screen lock bypass vulnerability
Overview
ATOK from JustSystems Corporation contains a screen lock bypass vulnerability.
Products Affected
- ATOK for Windows
- ATOK Smile
Description
ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability.
Impact
An attacker could execute arbitrary code or program with the privileges of the LocalSystem account.
Solution
Update the Software
Apply the applicable update according to the information provided by JustSystems.
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2009.09.02
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Local - requires you to login into the box to a shell or remote desktop |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | None - the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Taku Kudo of Google Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2009-4738 |
| JVN iPedia |
JVNDB-2009-000057 |