IPA/ISEC:Vulnerabilities:Security Alert for Security Vulnerability in the Ichitaro Series

April 7, 2009

The Information-technology Promotion Agency (IPA, Chairman Koji Nishigaki) issued a security alert on April 7, 2009 concerning a security vulnerability in the Ichitaro series.
When a user of the Ichitaro series views a maliciously crafted document file via a web browser or e-mail, this vulnerability causes arbitrary code to be executed.
If exploited, the computer may come under the control of an attacker with malicious intent. Unintended operations may occur, such as the execution of unintended programs, file deletions, and the installation of malicious tools such as viruses and bots.
To fix this vulnerability, update to the fixed version supplied by the vendor.

1.Overview

The Ichitaro series, produced by JustSystems Corporation, is Japanese word-processing software. It is widely used in Japan as one of the software options for creating word-processing documents.

The Ichitaro series contains a buffer overflow vulnerability due to a flaw in how it reads document files. If exploited, arbitrary code may be executed on a computer where the Ichitaro series is installed.

This security alert was released because of the large impact expected from the vulnerability and the vast number of domestic users who would be affected, given the popularity of the Ichitaro series.

For detailed information, refer to the following URL:
http://www.justsystems.com/jp/info/js09002.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000018.html (Japanese)

The IPA first received a report concerning this vulnerability from the person credited below on February 12, 2009. The JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, coordinated with the vendor and made the announcement public on April 7, 2009.
Credit: Yuji Ukai, Fourteenforty Research Institute, Inc.

2.Impact

When an Ichitaro series user views a maliciously crafted document file via a web browser or e-mail, systems may crash and/or be infected with viruses and bots.

In particular, when such a document is viewed in a web browser, depending on the browser and its settings, damage may be done simply by accessing a malicious URL, even without opening the malicious file after downloading it.

As a result, the computer may be compromised and come under the control of an attacker.

3.Solution

To fix this vulnerability, update to the fixed version supplied by the vendor.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) ■ Medium (4.0~6.9) □ High (7.0~10.0)
CVSS base score: 6.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High ■ Medium □ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values

5.CWE Type

The vulnerability has been classified under CWE as “Failure to Constrain Operations within the Bounds of the Memory Buffer (Buffer Errors) (CWE-119)”.

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: