CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-10870
https://notcve.org/view.php?id=CVE-2017-10870
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file. Una vulnerabilidad de corrupción de memoria en Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) y Rakuraku Hagaki Select para Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 e Ichitaro 2017 Trial version) permite que atacantes ejecuten código arbitrario con privilegios de la aplicación mediante archivos especialmente manipulados. • https://jvn.jp/en/vu/JVNVU93703434/index.html https://www.justsystems.com/jp/info/js17003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-2154
https://notcve.org/view.php?id=CVE-2017-2154
Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta (path) de búsqueda no confiable en Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Estándar], Just Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 versión de prueba, permite a los atacantes remotos alcanzar privilegios por medio de un archivo DLL de tipo caballo de troya en un directorio no especificado. • https://jvn.jp/en/jp/JVN54268888/index.html https://www.justsystems.com/jp/info/js17002.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2791
https://notcve.org/view.php?id=CVE-2017-2791
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application. JustSystems Ichitaro 2016 Trial contiene una vulnerabilidad que existe al tratar de abrir un archivo de PowerPoint especialmente manipulado. • http://www.securityfocus.com/bid/96440 http://www.talosintelligence.com/reports/TALOS-2016-0199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2790
https://notcve.org/view.php?id=CVE-2017-2790
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. Cuando se procesa un tipo de registro de 0x3c flujo Workbookdesde un archivo Excel (.xls), JustSystems Ichitaro Office confía que el tamaño es mayor que cero, substrae uno de la longitud, y utiliza este resultado como el tamaño de una memcpy. Esto resulta en un desbordamiento de búfer basado en memoria dinámica y puede conducir a ejecución de código bajo el contexto de la aplicación. • http://www.securityfocus.com/bid/96442 http://www.talosintelligence.com/reports/TALOS-2016-0197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2789
https://notcve.org/view.php?id=CVE-2017-2789
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application. Cuando se copian datos de archivos en un búfer, JustSystems Ichitaro Office 2016 Trial calculará dos valores para determinar cuantos datos copiar desde el documento. • http://www.securityfocus.com/bid/96438 http://www.talosintelligence.com/reports/TALOS-2016-0196 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •