Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
33 vulnerabilities by JustSystems Corporation
JVNDB-2023-000102
Vulnerability from jvndb - Published: 2023-10-19 15:16 - Updated:2024-05-16 16:44
Severity
Summary
Multiple vulnerabilities in JustSystems products
Details
Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.
* Use after free (CWE-416) - CVE-2023-34366
* Integer overflow (CWE-190) - CVE-2023-38127
* Access of resource using incompatible type (Type confusion) (CWE-843) - CVE-2023-38128
* Improper validation of array index (CWE-129) - CVE-2023-35126
Cisco Talos Security Intelligence & Research Group reported these vulnerabilities to JustSystems Corporation and coordinated. JustSystems Corporation and JPCERT/CC published respective advisories in order to notify users of the solution through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000102.html",
"dc:date": "2024-05-16T16:44+09:00",
"dcterms:issued": "2023-10-19T15:16+09:00",
"dcterms:modified": "2024-05-16T16:44+09:00",
"description": "Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.\r\n\r\n * Use after free (CWE-416) - CVE-2023-34366\r\n * Integer overflow (CWE-190) - CVE-2023-38127\r\n * Access of resource using incompatible type (Type confusion) (CWE-843) - CVE-2023-38128\r\n * Improper validation of array index (CWE-129) - CVE-2023-35126\r\n\r\nCisco Talos Security Intelligence \u0026 Research Group reported these vulnerabilities to JustSystems Corporation and coordinated. JustSystems Corporation and JPCERT/CC published respective advisories in order to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000102.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_government",
"@product": "JUST Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_office",
"@product": "JUST Office",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_police",
"@product": "JUST Police",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:rakuraku_hagaki",
"@product": "Rakuraku Hagaki",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "1.9",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000102",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN28846531/index.html",
"@id": "JVN#28846531",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34366",
"@id": "CVE-2023-34366",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38127",
"@id": "CVE-2023-38127",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38128",
"@id": "CVE-2023-38128",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-35126",
"@id": "CVE-2023-35126",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34366",
"@id": "CVE-2023-34366",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38127",
"@id": "CVE-2023-38127",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38128",
"@id": "CVE-2023-38128",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35126",
"@id": "CVE-2023-35126",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in JustSystems products"
}
JVNDB-2023-000031
Vulnerability from jvndb - Published: 2023-04-04 15:22 - Updated:2024-05-29 17:32
Severity
Summary
Multiple vulnerabilities in JustSystems products
Details
Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.
- Use After Free (CWE-416) - CVE-2022-43664
- Heap-based Buffer Overflow (CWE-122) - CVE-2022-45115
- Free of Memory not on the Heap (CWE-590) - CVE-2023-22291
- Heap-based Buffer Overflow (CWE-122) - CVE-2023-22660
References
| Type | URL | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000031.html",
"dc:date": "2024-05-29T17:32+09:00",
"dcterms:issued": "2023-04-04T15:22+09:00",
"dcterms:modified": "2024-05-29T17:32+09:00",
"description": "Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eUse After Free (CWE-416) - CVE-2022-43664\u003c/li\u003e\r\n\u003cli\u003eHeap-based Buffer Overflow (CWE-122) - CVE-2022-45115\u003c/li\u003e\r\n\u003cli\u003eFree of Memory not on the Heap (CWE-590) - CVE-2023-22291\u003c/li\u003e\r\n\u003cli\u003eHeap-based Buffer Overflow (CWE-122) - CVE-2023-22660\u003c/li\u003e\u003c/ul\u003e\r\nCisco Talos Security Intelligence \u0026 Research Group reported these vulnerabilities to JustSystems Corporation and coordinated. JustSystems Corporation and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000031.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:hanako",
"@product": "Hanako",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:homepage_builder_21",
"@product": "Homepage Builder 21",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_government",
"@product": "JUST Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_office",
"@product": "JUST Office",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_police",
"@product": "JUST Police",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:label_mighty",
"@product": "Label Mighty",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:rakuraku_hagaki",
"@product": "Rakuraku Hagaki",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000031",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN79149117/index.html",
"@id": "JVN#79149117",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43664",
"@id": "CVE-2022-43664",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-45115",
"@id": "CVE-2022-45115",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22291",
"@id": "CVE-2023-22291",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22660",
"@id": "CVE-2023-22660",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43664",
"@id": "CVE-2022-43664",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-45115",
"@id": "CVE-2022-45115",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22291",
"@id": "CVE-2023-22291",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22660",
"@id": "CVE-2023-22660",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in JustSystems products"
}
JVNDB-2022-000061
Vulnerability from jvndb - Published: 2022-07-28 13:40 - Updated:2022-07-28 13:40
Severity
Summary
"JustSystems JUST Online Update for J-License" starts a program with an unquoted file path
Details
"JustSystems JUST Online Update for J-License" is bundled with multiple products for corporate users provided by JustSystems Corporation, as in Ichitaro through Pro5 and others, and it is registered as a Windows service.
"JustSystems JUST Online Update for J-License" starts another program with an unquoted file path (CWE-428).
Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000061.html",
"dc:date": "2022-07-28T13:40+09:00",
"dcterms:issued": "2022-07-28T13:40+09:00",
"dcterms:modified": "2022-07-28T13:40+09:00",
"description": "\"JustSystems JUST Online Update for J-License\" is bundled with multiple products for corporate users provided by JustSystems Corporation, as in Ichitaro through Pro5 and others, and it is registered as a Windows service.\r\n\"JustSystems JUST Online Update for J-License\" starts another program with an unquoted file path (CWE-428).\r\n\r\nHiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000061.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:just_online_update",
"@product": "JUST Online Update",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000061",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN57073973/index.html",
"@id": "JVN#57073973",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-36344",
"@id": "CVE-2022-36344",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36344",
"@id": "CVE-2022-36344",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "\"JustSystems JUST Online Update for J-License\" starts a program with an unquoted file path"
}
JVNDB-2017-008629
Vulnerability from jvndb - Published: 2017-10-25 12:17 - Updated:2018-03-14 14:01
Severity
Summary
Memory corruption vulnerability in Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro
Details
Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro contain a memory corruption vulnerability.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008629.html",
"dc:date": "2018-03-14T14:01+09:00",
"dcterms:issued": "2017-10-25T12:17+09:00",
"dcterms:modified": "2018-03-14T14:01+09:00",
"description": "Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro contain a memory corruption vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008629.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_pro",
"@product": "Ichitaro Pro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:rakuraku_hagaki",
"@product": "Rakuraku Hagaki",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-008629",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU93703434/index.html",
"@id": "JVNVU#93703434",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10870",
"@id": "CVE-2017-10870",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10870",
"@id": "CVE-2017-10870",
"@source": "NVD"
}
],
"title": "Memory corruption vulnerability in Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro"
}
JVNDB-2017-000076
Vulnerability from jvndb - Published: 2017-04-20 15:11 - Updated:2017-06-01 13:40
Severity
Summary
Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
Details
Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000076.html",
"dc:date": "2017-06-01T13:40+09:00",
"dcterms:issued": "2017-04-20T15:11+09:00",
"dcterms:modified": "2017-06-01T13:40+09:00",
"description": "Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000076.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:hanako",
"@product": "Hanako",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:hanako_police",
"@product": "Hanako Police",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:hanako_pro",
"@product": "Hanako Pro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:justschool",
"@product": "Just School",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_frontier",
"@product": "Just Frontier",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_government",
"@product": "JUST Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_jump",
"@product": "Just Jump",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_office",
"@product": "JUST Office",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_police",
"@product": "JUST Police",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000076",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54268888/index.html",
"@id": "JVN#54268888",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2154",
"@id": "CVE-2017-2154",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2154",
"@id": "CVE-2017-2154",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries"
}
JVNDB-2014-000131
Vulnerability from jvndb - Published: 2014-11-13 16:52 - Updated:2014-11-27 17:58Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
For more information, please refer to the developer's website.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000131.html",
"dc:date": "2014-11-27T17:58+09:00",
"dcterms:issued": "2014-11-13T16:52+09:00",
"dcterms:modified": "2014-11-27T17:58+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\nThis vulnerability differs from other issues that were previously published on JVN.\r\n\r\nFor more information, please refer to the developer\u0027s website.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000131.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_pro",
"@product": "Ichitaro Pro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000131",
"sec:references": [
{
"#text": "http://jvn.jp/jp/JVN16318793/index.html",
"@id": "JVN#16318793",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7247",
"@id": "CVE-2014-7247",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7247",
"@id": "CVE-2014-7247",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20141113-jvn.html",
"@id": "Security Alert for Ichitaro series vulnerable to arbitrary code execution (JVN#16318793)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2014-000053
Vulnerability from jvndb - Published: 2014-06-11 12:22 - Updated:2014-06-17 16:25Summary
JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution
Details
"JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid.
Please note that this is a flaw in the online update program, not a flaw in each software itself.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000053.html",
"dc:date": "2014-06-17T16:25+09:00",
"dcterms:issued": "2014-06-11T12:22+09:00",
"dcterms:modified": "2014-06-17T16:25+09:00",
"description": "\"JUST Online Update\" and \"JUST Online Update for J-License and the management tools\" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid.\r\nPlease note that this is a flaw in the online update program, not a flaw in each software itself.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000053.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:just_online_update",
"@product": "JUST Online Update",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.6",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000053",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50129191/index.html",
"@id": "JVN#50129191",
"@source": "JVN"
},
{
"#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2003",
"@id": "CVE-2014-2003",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2003",
"@id": "CVE-2014-2003",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html",
"@id": "About arbitrary code execution vulnerability of JustSystems Online Update Program bundled with JustSystems products (JVN#50129191)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution"
}
JVNDB-2014-000011
Vulnerability from jvndb - Published: 2014-01-28 14:48 - Updated:2014-01-30 14:24Summary
Sanshiro Series vulnerable to arbitrary code execution
Details
The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000011.html",
"dc:date": "2014-01-30T14:24+09:00",
"dcterms:issued": "2014-01-28T14:48+09:00",
"dcterms:modified": "2014-01-30T14:24+09:00",
"description": "The \"Sanshiro\" series software provided by JustSystems Corporation is a spreadsheet software. The \"Sanshiro\" series contains a vulnerability that may allow arbitrary code execution.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000011.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:sanshiro",
"@product": "Sanshiro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28011378/index.html",
"@id": "JVN#28011378",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0810",
"@id": "CVE-2014-0810",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0810",
"@id": "CVE-2014-0810",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20140128-jvn.html",
"@id": "Security Alert for Sanshiro Series vulnerable to arbitrary code execution (JVN#28011378)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Sanshiro Series vulnerable to arbitrary code execution"
}
JVNDB-2013-000103
Vulnerability from jvndb - Published: 2013-11-12 14:33 - Updated:2013-11-15 10:22Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
For more information, please refer to the developer's website.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000103.html",
"dc:date": "2013-11-15T10:22+09:00",
"dcterms:issued": "2013-11-12T14:33+09:00",
"dcterms:modified": "2013-11-15T10:22+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\nThis vulnerability differs from other issues that were previously published on JVN.\r\n\r\nFor more information, please refer to the developer\u0027s website.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000103.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_portable",
"@product": "Ichitaro Portable",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_pro",
"@product": "Ichitaro Pro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_viewer",
"@product": "Ichitaro Viewer",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000103",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN44999463/index.html",
"@id": "JVN#44999463",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5990",
"@id": "CVE-2013-5990",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5990",
"@id": "CVE-2013-5990",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20131112-jvn.html",
"@id": "Security Alert for Ichitaro series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.npa.go.jp/cyberpolice/topics/?seq=12597",
"@id": "Vulnerability in JustSystems products",
"@source": "AT-POLICE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2013-000058
Vulnerability from jvndb - Published: 2013-06-18 15:17 - Updated:2013-06-26 14:49Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000058.html",
"dc:date": "2013-06-26T14:49+09:00",
"dcterms:issued": "2013-06-18T15:17+09:00",
"dcterms:modified": "2013-06-26T14:49+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\nThis vulnerability differs from other issues that were previously published on JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000058.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_portable",
"@product": "Ichitaro Portable",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_pro",
"@product": "Ichitaro Pro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_viewer",
"@product": "Ichitaro Viewer",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:justschool",
"@product": "Just School",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000058",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN98712361/index.html",
"@id": "JVN#98712361",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3644",
"@id": "CVE-2013-3644",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3644",
"@id": "CVE-2013-3644",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130618-jvn.html",
"@id": "Security Alert for Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2013-000015
Vulnerability from jvndb - Published: 2013-02-26 14:45 - Updated:2013-02-26 14:45Summary
Multiple JustSystems products vulnerable to arbitrary code execution
Details
Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution.
For more information, refer to the information provided by the developer.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000015.html",
"dc:date": "2013-02-26T14:45+09:00",
"dcterms:issued": "2013-02-26T14:45+09:00",
"dcterms:modified": "2013-02-26T14:45+09:00",
"description": "Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution.\r\n\r\nFor more information, refer to the information provided by the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000015.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:hanako",
"@product": "Hanako",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000015",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16817324/index.html",
"@id": "JVN#16817324",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0707",
"@id": "CVE-2013-0707",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0707",
"@id": "CVE-2013-0707",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/about/press/20130226.html",
"@id": "Security Alert for Vulnerability in Multiple JustSystems Products",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.symantec.com/connect/blogs/ichitaro-vulnerability-another-zero-day-exploit-wild",
"@id": "Ichitaro Vulnerability: Another Zero-Day Exploit in the Wild | Symantec Connect Community",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Multiple JustSystems products vulnerable to arbitrary code execution"
}
JVNDB-2012-000089
Vulnerability from jvndb - Published: 2012-09-25 13:40 - Updated:2012-09-25 13:40Summary
ATOK for Android issue in the access permissions for the learning information file
Details
ATOK for Android provided by JUST Systems, contains an issue in the access permissions for the learning information file.
ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this information to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000089.html",
"dc:date": "2012-09-25T13:40+09:00",
"dcterms:issued": "2012-09-25T13:40+09:00",
"dcterms:modified": "2012-09-25T13:40+09:00",
"description": "ATOK for Android provided by JUST Systems, contains an issue in the access permissions for the learning information file.\r\n\r\nATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this information to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000089.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:atok",
"@product": "ATOK",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000089",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93344001/index.html",
"@id": "JVN#93344001",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4016",
"@id": "CVE-2012-4016",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4016",
"@id": "CVE-2012-4016",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "ATOK for Android issue in the access permissions for the learning information file"
}
JVNDB-2012-000035
Vulnerability from jvndb - Published: 2012-04-24 13:37 - Updated:2012-05-09 19:49Summary
Multiple JustSystems products vulnerable to buffer overflow
Details
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability.
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files.
Tielei Wang of Georgia Tech Information Security Center reported this vulnerability to JPCERT/CC via The Secunia Vulnerability Coordination Reward Programme (SVCRP).
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000035.html",
"dc:date": "2012-05-09T19:49+09:00",
"dcterms:issued": "2012-04-24T13:37+09:00",
"dcterms:modified": "2012-05-09T19:49+09:00",
"description": "Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability.\r\n\r\nMultiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files.\r\n\r\nTielei Wang of Georgia Tech Information Security Center reported this vulnerability to JPCERT/CC via The Secunia Vulnerability Coordination Reward Programme (SVCRP).\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000035.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_portable",
"@product": "Ichitaro Portable",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_viewer",
"@product": "Ichitaro Viewer",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:justschool",
"@product": "Just School",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_frontier",
"@product": "Just Frontier",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_jump",
"@product": "Just Jump",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:rekishimail",
"@product": "Rekishimail",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:shuriken",
"@product": "Shuriken",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:justsystems:oreplug",
"@product": "oreplug",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000035",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09619876/index.html",
"@id": "JVN#09619876",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0269",
"@id": "CVE-2012-0269",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0269",
"@id": "CVE-2012-0269",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201205_justsystem_en.html",
"@id": "Security Alert for Vulnerability in Multiple JustSystems Products",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/47363/",
"@id": "SA47363 JustSystems Multiple Products Two Vulnerabilities",
"@source": "SECUNIA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-189",
"@title": "Numeric Errors(CWE-189)"
}
],
"title": "Multiple JustSystems products vulnerable to buffer overflow"
}
JVNDB-2012-000034
Vulnerability from jvndb - Published: 2012-04-24 13:36 - Updated:2012-04-24 13:36Summary
Multiple JustSystems products may insecurely load dynamic libraries
Details
Multiple JustSystems products may use unsafe methods for determining how to load DLL's.
Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000034.html",
"dc:date": "2012-04-24T13:36+09:00",
"dcterms:issued": "2012-04-24T13:36+09:00",
"dcterms:modified": "2012-04-24T13:36+09:00",
"description": "Multiple JustSystems products may use unsafe methods for determining how to load DLL\u0027s.\r\n\r\nMultiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nNaoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000034.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_portable",
"@product": "Ichitaro Portable",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_viewer",
"@product": "Ichitaro Viewer",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:justschool",
"@product": "Just School",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_frontier",
"@product": "Just Frontier",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:just_jump",
"@product": "Just Jump",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:justsystems:oreplug",
"@product": "oreplug",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000034",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN95378720/index.html",
"@id": "JVN#95378720",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1242",
"@id": "CVE-2012-1242",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1242",
"@id": "CVE-2012-1242",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple JustSystems products may insecurely load dynamic libraries"
}
JVNDB-2011-000043
Vulnerability from jvndb - Published: 2011-06-16 19:04 - Updated:2011-06-16 19:04Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000043.html",
"dc:date": "2011-06-16T19:04+09:00",
"dcterms:issued": "2011-06-16T19:04+09:00",
"dcterms:modified": "2011-06-16T19:04+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\nThis vulnerability differs from other issues that were previously published on JVN.\r\n\r\nThe \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000043.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_portable",
"@product": "Ichitaro Portable",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_pro",
"@product": "Ichitaro Pro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_viewer",
"@product": "Ichitaro Viewer",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87239473/index.html",
"@id": "JVN#87239473",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1331",
"@id": "CVE-2011-1331",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1331",
"@id": "CVE-2011-1331",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201106_ichitaro_en.html",
"@id": "Security Alert for Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2010-000053
Vulnerability from jvndb - Published: 2010-11-04 19:11 - Updated:2010-11-05 16:15Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from JVN#19173793, and other issues that were previously published on JVN.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000053.html",
"dc:date": "2010-11-05T16:15+09:00",
"dcterms:issued": "2010-11-04T19:11+09:00",
"dcterms:modified": "2010-11-05T16:15+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\n\r\nThis vulnerability differs from JVN#19173793, and other issues that were previously published on JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000053.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000053",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN01948274/index.html",
"@id": "JVN#01948274",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3916",
"@id": "CVE-2010-3916",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3916",
"@id": "CVE-2010-3916",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201011_ichitaro_en.html",
"@id": "Security Alert for Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/42099",
"@id": "SA42099",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/44637",
"@id": "44637",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2885",
"@id": "VUPEN/ADV-2010-2885",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2010-000052
Vulnerability from jvndb - Published: 2010-11-04 19:10 - Updated:2010-11-05 16:15Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from JVN#01948274, and other issues that were previously published on JVN.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html",
"dc:date": "2010-11-05T16:15+09:00",
"dcterms:issued": "2010-11-04T19:10+09:00",
"dcterms:modified": "2010-11-05T16:15+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\n\r\nThis vulnerability differs from JVN#01948274, and other issues that were previously published on JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:ichitaro_government",
"@product": "Ichitaro Government",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000052",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN19173793/index.html",
"@id": "JVN#19173793",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3915",
"@id": "CVE-2010-3915",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3915",
"@id": "CVE-2010-3915",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201011_ichitaro_en.html",
"@id": "Security Alert for Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/42099",
"@id": "SA42099",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/44637",
"@id": "44637",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2885",
"@id": "VUPEN/ADV-2010-2885",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2010-000024
Vulnerability from jvndb - Published: 2010-06-01 17:37 - Updated:2010-06-01 17:37Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability is different from JVN#98467259.
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
References
| Type | URL | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000024.html",
"dc:date": "2010-06-01T17:37+09:00",
"dcterms:issued": "2010-06-01T17:37+09:00",
"dcterms:modified": "2010-06-01T17:37+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\nThis vulnerability is different from JVN#98467259.\r\n\r\nThe \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000024.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:justschool",
"@product": "Just School",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000024",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17293765/index.html",
"@id": "JVN#17293765",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2152",
"@id": "CVE-2010-2152",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2152",
"@id": "CVE-2010-2152",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/topics/alert20100602.html",
"@id": "alert20100602",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201006_ichitaro_en.html",
"@id": "Security Alert for Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/40008",
"@id": "SA40008",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/40472",
"@id": "40472",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/59037",
"@id": "59037",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/1283",
"@id": "VUPEN/ADV-2010-1283",
"@source": "VUPEN"
},
{
"#text": "http://osvdb.org/65050",
"@id": "65050",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2010-000015
Vulnerability from jvndb - Published: 2010-04-12 17:17 - Updated:2010-04-12 17:17Summary
Ichitaro series vulnerable to arbitrary code execution
Details
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
For more information, refer to the developer's website.
References
| Type | URL | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000015.html",
"dc:date": "2010-04-12T17:17+09:00",
"dcterms:issued": "2010-04-12T17:17+09:00",
"dcterms:modified": "2010-04-12T17:17+09:00",
"description": "The \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\n\r\nThe \"Ichitaro\" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.\r\nFor more information, refer to the developer\u0027s website.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000015.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000015",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN98467259/index.html",
"@id": "JVN#98467259",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1424",
"@id": "CVE-2010-1424",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1424",
"@id": "CVE-2010-1424",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201004_ichitaro_en.html",
"@id": "Security Alert for Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.ipa.go.jp/security/topics/alert20100419.html",
"@id": "20100419",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/39256/",
"@id": "SA39256",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/39369",
"@id": "39369",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1023844",
"@id": "1023844",
"@source": "SECTRACK"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/0854",
"@id": "VUPEN/ADV-2010-0854",
"@source": "VUPEN"
},
{
"#text": "http://osvdb.org/63651",
"@id": "63651",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Ichitaro series vulnerable to arbitrary code execution"
}
JVNDB-2009-000057
Vulnerability from jvndb - Published: 2010-03-23 17:42 - Updated:2010-03-23 17:42Summary
ATOK screen lock bypass vulnerability
Details
ATOK from JustSystems Corporation contains a screen lock bypass vulnerability.
ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability.
Taku Kudo of Google Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000057.html",
"dc:date": "2010-03-23T17:42+09:00",
"dcterms:issued": "2010-03-23T17:42+09:00",
"dcterms:modified": "2010-03-23T17:42+09:00",
"description": "ATOK from JustSystems Corporation contains a screen lock bypass vulnerability.\r\n\r\nATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability.\r\n\r\nTaku Kudo of Google Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000057.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:atok",
"@product": "ATOK",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:atok_smile",
"@product": "ATOK smile",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000057",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN57040664/index.html",
"@id": "JVN#57040664",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4738",
"@id": "CVE-2009-4738",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4738",
"@id": "CVE-2009-4738",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200909_atok_en.html",
"@id": "Security Alert for Vulnerability in ATOK",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "ATOK screen lock bypass vulnerability"
}
JVNDB-2009-000018
Vulnerability from jvndb - Published: 2010-03-23 17:42 - Updated:2010-03-23 17:42Summary
Ichitaro series buffer overflow vulnerability
Details
The "Ichitaro" series word processing software contains a buffer overflow vulnerability.
This vulnerability is different from JVN#29211062, JVN#32981509 and JVN#50495547.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of the user.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000018.html",
"dc:date": "2010-03-23T17:42+09:00",
"dcterms:issued": "2010-03-23T17:42+09:00",
"dcterms:modified": "2010-03-23T17:42+09:00",
"description": "The \"Ichitaro\" series word processing software contains a buffer overflow vulnerability.\r\n\r\nThis vulnerability is different from JVN#29211062, JVN#32981509 and JVN#50495547.\r\n\r\nThe \"Ichitaro\" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of the user.\r\n\r\nYuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000018.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000018",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN33846134/index.html",
"@id": "JVN#33846134",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4737",
"@id": "CVE-2009-4737",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4737",
"@id": "CVE-2009-4737",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200904_ichitaro_en.html",
"@id": "Security Alert for Security Vulnerability in the Ichitaro Series",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/34611/",
"@id": "SA34611",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/34403",
"@id": "34403",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/49739",
"@id": "49739",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/0957",
"@id": "VUPEN/ADV-2009-0957",
"@source": "VUPEN"
},
{
"#text": "http://osvdb.org/53349",
"@id": "53349",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Ichitaro series buffer overflow vulnerability"
}
JVNDB-2006-000734
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Ichitaro buffer overflow vulnerability
Details
Ichitaro, word-processing software contains a buffer overflow vulnerability.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000734.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Ichitaro, word-processing software contains a buffer overflow vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000734.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000734",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN90815371/index.html",
"@id": "JVN#90815371",
"@source": "JVN"
},
{
"#text": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5424",
"@id": "CVE-2006-5424",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5424",
"@id": "CVE-2006-5424",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/22386/",
"@id": "SA22386",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/20610",
"@id": "20610",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/4092",
"@id": "FrSIRT/ADV-2006-4092",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-399",
"@title": "Resource Management Errors(CWE-399)"
}
],
"title": "Ichitaro buffer overflow vulnerability"
}
JVNDB-2004-000591
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Shuriken Pro3 S/MIME signature verification does not verify the From address
Details
Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000591.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly.",
"link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000591.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:shuriken",
"@product": "Shuriken",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2004-000591",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVNB410A83F/index.html",
"@id": "JVN#B410A83F",
"@source": "JVN"
},
"title": "Shuriken Pro3 S/MIME signature verification does not verify the From address"
}
JVNDB-2007-000877
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Ichitaro series buffer overflow vulnerability
Details
The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#50495547.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000877.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The \"Ichitaro\" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#50495547.\r\n\r\nThe \"Ichitaro\" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000877.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000877",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32981509/index.html",
"@id": "JVN#32981509",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5687",
"@id": "CVE-2007-5687",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5687",
"@id": "CVE-2007-5687",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27393",
"@id": "SA27393",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/26206",
"@id": "26206",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3623",
"@id": "FrSIRT/ADV-2007-3623",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Ichitaro series buffer overflow vulnerability"
}
JVNDB-2006-000812
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Hanako buffer overflow vulnerability
Details
Hanako, graphics authoring software from Justsystems, contains a buffer overflow vulnerability.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000812.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Hanako, graphics authoring software from Justsystems, contains a buffer overflow vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000812.html",
"sec:cpe": [
{
"#text": "cpe:/a:justsystems:hanako",
"@product": "Hanako",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:hanako_viewer",
"@product": "Hanako Viewer",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000812",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN47272891/index.html",
"@id": "JVN#47272891",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6400",
"@id": "CVE-2006-6400",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6400",
"@id": "CVE-2006-6400",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/23185/",
"@id": "SA23185",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/21445",
"@id": "21445",
"@source": "BID"
},
{
"#text": "http://securitytracker.com/id?1017336",
"@id": "1017336",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/4857",
"@id": "FrSIRT/ADV-2006-4857",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Hanako buffer overflow vulnerability"
}
JVNDB-2008-000001
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Multiple JustSystems products vulnerable to buffer overflow
Details
Multiple JustSystems products are vulnerable to buffer overflow.
Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file.
Multiple products are affected by this vulnerability.
For details, see the information provided by JustSystems.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000001.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple JustSystems products are vulnerable to buffer overflow.\r\n\r\nMultiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file.\r\n\r\nMultiple products are affected by this vulnerability.\r\nFor details, see the information provided by JustSystems.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000001.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000001",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN08237857/index.html",
"@id": "JVN#08237857",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0223",
"@id": "CVE-2008-0223",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0223",
"@id": "CVE-2008-0223",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200801_JustSystem_press_en.html",
"@id": "Security Alert for Vulnerability in Multiple JustSystems Products",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107",
"@id": "FFRRA-20080107",
"@source": "FFRRA"
},
{
"#text": "http://secunia.com/advisories/28275",
"@id": "SA28275",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/27153",
"@id": "27153",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/39501",
"@id": "39501",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0045",
"@id": "FrSIRT/ADV-2008-0045",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Multiple JustSystems products vulnerable to buffer overflow"
}
JVNDB-2005-000775
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2010-10-12 16:44Summary
Vulnerability involving security zone handling in applications using Internet Explorer components
Details
Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content.
As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the "Intranet" zone.
However, we have confirmed that some applications using IE components may process web content in an inappropriate zone.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000775.html",
"dc:date": "2010-10-12T16:44+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2010-10-12T16:44+09:00",
"description": "Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content.\r\n\r\nAs a result, web content on the Internet is processed in the \"Internet\" zone with a higher security level than that set for web content in the \"Intranet\" zone.\r\n\r\nHowever, we have confirmed that some applications using IE components may process web content in an inappropriate zone.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000775.html",
"sec:cpe": [
{
"#text": "cpe:/a:fujitsu:atlas",
"@product": "ATLAS",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:atlas_translation",
"@product": "ATLAS Translation",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:bizlingo",
"@product": "BizLingo",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:es_at_school",
"@product": "ES@SCHOOL",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:hiragana_navi",
"@product": "Hiragana Navi",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:japanist",
"@product": "Japanist",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:rakuraku_browser",
"@product": "Rakuraku Browser",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:rakuraku_mail",
"@product": "Rakuraku Mail",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:simplia_jf_clientmate",
"@product": "SIMPLIA/JF ClientMate",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:simplia_tf-webtest",
"@product": "SIMPLIA/TF-WebTest",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:translation_surfin",
"@product": "Translation Surfin",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:dnasis_pro",
"@product": "DNASIS Pro",
"@vendor": "Hitachi Software Engineering Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:justsystems:netas_seed",
"@product": "NETA\u0027s Seed",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:paper_2001",
"@product": "Paper 2001",
"@vendor": "YMIRLINK Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:paper_copi",
"@product": "Paper copi",
"@vendor": "YMIRLINK Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000775",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN257C6F28/index.html",
"@id": "JVN#257C6F28",
"@source": "JVN"
},
"title": "Vulnerability involving security zone handling in applications using Internet Explorer components"
}
JVNDB-2007-000878
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Ichitaro series buffer overflow vulnerability
Details
The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#32981509.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000878.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The \"Ichitaro\" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#32981509.\r\n\r\nThe \"Ichitaro\" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000878.html",
"sec:cpe": {
"#text": "cpe:/a:justsystems:ichitaro",
"@product": "Ichitaro",
"@vendor": "JustSystems Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000878",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50495547/index.html",
"@id": "JVN#50495547",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5687",
"@id": "CVE-2007-5687",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5687",
"@id": "CVE-2007-5687",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27393",
"@id": "SA27393",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/26206",
"@id": "26206",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3623",
"@id": "FrSIRT/ADV-2007-3623",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Ichitaro series buffer overflow vulnerability"
}
CVE-2022-36344 (GCVE-0-2022-36344)
Vulnerability from nvd – Published: 2022-08-16 07:03 – Updated: 2024-08-03 10:00
VLAI
Summary
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Severity
No CVSS data available.
CWE
- Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.justsystems.com/jp/corporate/info/js2… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN57073973/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JustSystems Corporation | JustSystems JUST Online Update for J-License' |
Affected:
JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JustSystems JUST Online Update for J-License\u0027",
"vendor": "JustSystems Corporation",
"versions": [
{
"status": "affected",
"version": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T07:03:05.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-36344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JustSystems JUST Online Update for J-License\u0027",
"version": {
"version_data": [
{
"version_value": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
}
]
}
}
]
},
"vendor_name": "JustSystems Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.justsystems.com/jp/corporate/info/js22001.html",
"refsource": "MISC",
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"name": "https://jvn.jp/en/jp/JVN57073973/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-36344",
"datePublished": "2022-08-16T07:03:05.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:00:04.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36344 (GCVE-0-2022-36344)
Vulnerability from cvelistv5 – Published: 2022-08-16 07:03 – Updated: 2024-08-03 10:00
VLAI
Summary
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Severity
No CVSS data available.
CWE
- Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.justsystems.com/jp/corporate/info/js2… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN57073973/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JustSystems Corporation | JustSystems JUST Online Update for J-License' |
Affected:
JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JustSystems JUST Online Update for J-License\u0027",
"vendor": "JustSystems Corporation",
"versions": [
{
"status": "affected",
"version": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T07:03:05.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-36344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JustSystems JUST Online Update for J-License\u0027",
"version": {
"version_data": [
{
"version_value": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
}
]
}
}
]
},
"vendor_name": "JustSystems Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.justsystems.com/jp/corporate/info/js22001.html",
"refsource": "MISC",
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
},
{
"name": "https://jvn.jp/en/jp/JVN57073973/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN57073973/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-36344",
"datePublished": "2022-08-16T07:03:05.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:00:04.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}