Published: May 8, 2012
>> JAPANESE

1.Overview

Multiple products from JustSystems, such as Japanese word processor “Ichitaro” series and email software “Shuriken”, have buffer overflow vulnerability when reading image files which could allow an attacker to execute arbitrary code on the target system.

Get the fixed version at the following URL and update the software.
http://www.justsystems.com/jp/info/js12001.html (Japanese)
For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000035

IPA and JPCERT Coordination Center (JPCERT/CC) received a report concerning this vulnerability directly from the product vendor on February 15, 2012, and released on April 24.

2.Impact

An attacker could destroy the system or infect it with viruses and bots when a user views malicious document files in web browser or opens malicious image files via email.

3.Solution

To fix this vulnerability, update the software to the latest version provided by the product vender.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	■Medium (4.0~6.9)	□ High (7.0~10.0)
CVSS base score		6.8

(2) Base Score Metrics

AV:Access Vector	□ Local	□ Adjacent 　Network	■ Network
AC:Access Complexity	□ High	■ Medium	□ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	□ None	■ Partial	□ Complete
I:Integrity Impact	□ None	■ Partial	□ Complete
A:Availability Impact	□ None	■ Partial	□ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “Numeric Errors (CWE-189)”

Contact