Published:2014/01/28  Last Updated:2014/01/28

JVN#28011378
Sanshiro Series vulnerable to arbitrary code execution

Overview

The "Sanshiro" series software provided by JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.

Products Affected

  • Sanshiro 2010
  • Sanshiro 2009
  • Sanshiro 2008
  • Sanshiro 2007
  • Sanshiro Viewer

Description

The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution.

Impact

When a user opens a specially crafted file, arbitrary code may be executed.

Solution

Update the software
Apply the appropriate update module according to the information provided by the developer.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2014.01.28

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Mid
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2014-0810
JVN iPedia JVNDB-2014-000011