CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45115
https://notcve.org/view.php?id=CVE-2022-45115
A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1684 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22291
https://notcve.org/view.php?id=CVE-2023-22291
An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1687 • CWE-590: Free of Memory not on the Heap •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22660
https://notcve.org/view.php?id=CVE-2023-22660
A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. • https://jvn.jp/en/jp/JVN79149117 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1722 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 61EXPL: 0CVE-2022-36344
https://notcve.org/view.php?id=CVE-2022-36344
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. Se presenta una vulnerabilidad de ruta de búsqueda no citada en "JustSystems JUST Online Update for J-License" incluido en múltiples productos para usuarios corporativos como en Ichitaro a través de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. • https://jvn.jp/en/jp/JVN57073973/index.html https://www.justsystems.com/jp/corporate/info/js22001.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-10870
https://notcve.org/view.php?id=CVE-2017-10870
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file. Una vulnerabilidad de corrupción de memoria en Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) y Rakuraku Hagaki Select para Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 e Ichitaro 2017 Trial version) permite que atacantes ejecuten código arbitrario con privilegios de la aplicación mediante archivos especialmente manipulados. • https://jvn.jp/en/vu/JVNVU93703434/index.html https://www.justsystems.com/jp/info/js17003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •