Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2007-5687
Last Modified 07 Mar 2011 10:01:08
Published 28 Oct 2007 01:08:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5687

Summary

Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.

Vulnerable Systems

Application

  • Justsystem Ichitaro 11.0

  • Justsystem Ichitaro 12.0

  • Justsystem Ichitaro 13.0

  • Justsystem Ichitaro 2004

  • Justsystem Ichitaro 2005

  • Justsystem Ichitaro 2006

  • Justsystem Ichitaro Linux

  • Justsystem Ichitaro Lite2


References

CONFIRM - http://www.justsystems.com/jp/info/pd7004.html

SECUNIA - 27393

VUPEN - ADV-2007-3623

BID - 26206

MISC - http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html

MISC - http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3

MISC - http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2

MISC - http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1

OSVDB - 39394

JVN - JVN#50495547

JVN - JVN#32981509

JVN - JVN#29211062

XF - justsystems-jstar04-bo(38130)

XF - justsystems-tjsvda-bo(38129)


Last Updated: 27 May 2016 10:46:14