IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in the Ichitaro Series

Published: Nov 4, 2010

Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) issued a security alert concerning a security vulnerability in the Ichitaro Series on November 4, 2010.
This vulnerability allows arbitrary code to be executed when the user of an affected system opens a maliciously crafted document file, received via a web browser or e-mail, using the Ichitaro series.

To fix this vulnerability, update the software to the fixed version provided by the product vendor.

1.Overview

The Ichitaro series, developed by JustSystems Corporation, is Japanese word-processing software. It is widely used within Japan as one of the software options for creating word-processing documents.
The Ichitaro series is vulnerable to arbitrary code execution due to a flaw in the way it loads a document file. If the flaw is exploited, an attacker could execute arbitrary code on a computer on which the Ichitaro series is installed.

To get a fixed version, go to the following URL:
http://www.justsystems.com/jp/info/js10003.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2010-000052
http://jvndb.jvn.jp/jvndb/JVNDB-2010-000053

IPA and JPCERT Coordination Center (JPCERT/CC) received a report concerning this vulnerability directly from the product vendor on October 26, 2010, and released it today.

2.Impact

An attacker could install malicious programs or alter and delete data when the user of an affected system opens a maliciously crafted document file in a web browser or from e-mail. In particular, when such a document is viewed in a web browser, depending on the browser and its settings, harm may be done just by accessing a malicious URL.

3.Solution

To fix this vulnerability, update the software to the fixed version provided by the product vendor.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 9.3

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High ■ Medium □ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None □ Partial ■ Complete
I:Integrity Impact □ None □ Partial ■ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as No Mapping (CWE-noinfo).

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: