jvndb-2012-000035
Vulnerability from jvndb
Published
2012-04-24 13:37
Modified
2012-05-09 19:49
Severity ?
() - -
Summary
Multiple JustSystems products vulnerable to buffer overflow
Details
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability. Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files. Tielei Wang of Georgia Tech Information Security Center reported this vulnerability to JPCERT/CC via The Secunia Vulnerability Coordination Reward Programme (SVCRP). JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN09619876/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0269
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0269
IPA SECURITY ALERTS http://www.ipa.go.jp/security/english/vuln/201205_justsystem_en.html
SECUNIA http://secunia.com/advisories/47363/
Numeric Errors(CWE-189) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
JustSystems CorporationIchitaro
JustSystems CorporationIchitaro Government
JustSystems CorporationIchitaro Portable
JustSystems CorporationIchitaro Viewer
JustSystems CorporationJust School
JustSystems CorporationJust Frontier
JustSystems CorporationJust Jump
JustSystems CorporationRekishimail
JustSystems CorporationShuriken
JustSystems Corporationoreplug
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000035.html",
  "dc:date": "2012-05-09T19:49+09:00",
  "dcterms:issued": "2012-04-24T13:37+09:00",
  "dcterms:modified": "2012-05-09T19:49+09:00",
  "description": "Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability.\r\n\r\nMultiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files.\r\n\r\nTielei Wang of Georgia Tech Information Security Center reported this vulnerability to JPCERT/CC via The Secunia Vulnerability Coordination Reward Programme (SVCRP).\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000035.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:justsystems:ichitaro",
      "@product": "Ichitaro",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:ichitaro_government",
      "@product": "Ichitaro Government",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:ichitaro_portable",
      "@product": "Ichitaro Portable",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:ichitaro_viewer",
      "@product": "Ichitaro Viewer",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:justschool",
      "@product": "Just School",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:just_frontier",
      "@product": "Just Frontier",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:just_jump",
      "@product": "Just Jump",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:rekishimail",
      "@product": "Rekishimail",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:shuriken",
      "@product": "Shuriken",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:justsystems:oreplug",
      "@product": "oreplug",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2012-000035",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN09619876/index.html",
      "@id": "JVN#09619876",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0269",
      "@id": "CVE-2012-0269",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0269",
      "@id": "CVE-2012-0269",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201205_justsystem_en.html",
      "@id": "Security Alert for Vulnerability in Multiple JustSystems Products",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://secunia.com/advisories/47363/",
      "@id": "SA47363 JustSystems Multiple Products Two Vulnerabilities",
      "@source": "SECUNIA"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-189",
      "@title": "Numeric Errors(CWE-189)"
    }
  ],
  "title": "Multiple JustSystems products vulnerable to buffer overflow"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.