CVSS: 9.8EPSS: 0%CPEs: 61EXPL: 0CVE-2022-36344
https://notcve.org/view.php?id=CVE-2022-36344
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. Se presenta una vulnerabilidad de ruta de búsqueda no citada en "JustSystems JUST Online Update for J-License" incluido en múltiples productos para usuarios corporativos como en Ichitaro a través de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. • https://jvn.jp/en/jp/JVN57073973/index.html https://www.justsystems.com/jp/corporate/info/js22001.html • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 7%CPEs: 18EXPL: 0CVE-2013-3644
https://notcve.org/view.php?id=CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document. Vulnerabilidad sin especificar en JustSystems Ichitaro 2006 a la 2013; Ichitaro Pro a la 2; Ichitaro Government 6, 7, y 2006 a la 2010; Ichitaro Portable con oreplug; Ichitaro Viewer; y Ichitaro JUST School a la 2010, permite a atacantes remotos ejecutar código arbitrario a través de un documento manipulado. • http://jvn.jp/en/jp/JVN98712361/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000058 http://www.justsystems.com/jp/info/js13002.html •
CVSS: 6.9EPSS: 0%CPEs: 20EXPL: 0CVE-2012-1242
https://notcve.org/view.php?id=CVE-2012-1242
Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de busqueda de ruta no comprobada en JustSystems Ichitaro v2011 Sou, Ichitaro v2006 hasta v2011, Ichitaro Government v2006 hasta v2010, Ichitaro Portable con oreplug, Ichitaro Viewer, únicamente School, únicamente School v2009 y v2010, unicamente Jump 4, unicamente Frontier, y oreplug que permite a usuarios locales obtener privilegios a traves de un DLL troyanizado en el directorio actual de trabajo. • http://jvn.jp/en/jp/JVN95378720/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000034 http://osvdb.org/81472 http://www.justsystems.com/jp/info/js12001.html •
CVSS: 9.3EPSS: 5%CPEs: 32EXPL: 0CVE-2012-0269
https://notcve.org/view.php?id=CVE-2012-0269
Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, oreplug, Shuriken Pro4, Shuriken 2007 through 2010, Shuriken Pro4 Corporate Edition, Shuriken CE/2007 through CE/2009 Corporate Edition, Shuriken 2010 Corporate Edition, Rekishimail Sengokubusho no missho, and Bakumatsushishi no missho allows remote attackers to execute arbitrary code via a crafted image file. Desbordamiento de buffer en JustSystems Ichitaro v2011 Sou, Ichitaro v2006 hasta v2011, Ichitaro Government v2006 hasta v2010, Ichitaro Portable con oreplug, Ichitaro Viewer, únicamente School, únicamente School v2009 y v2010, únicamente Jump v4, únicamente Frontier, oreplug, Shuriken Pro4, Shuriken v2007 hasta v2010, Shuriken Pro4 Corporate Edition, Shuriken CE/2007 hasta CE/2009 Corporate Edition, Shuriken v2010 Corporate Edition, Rekishimail Sengokubusho no missho, y Bakumatsushishi no missho que permite a atacantes remotos ejecutar código de su elección mediante un fichero de imagen modificado. • http://jvn.jp/en/jp/JVN09619876/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000035 http://www.justsystems.com/jp/info/js12001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 0CVE-2010-2152
https://notcve.org/view.php?id=CVE-2010-2152
Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document. Vulnerabilidad sin expecificar de JustSystems Ichitaro 2004 hasta 2009, Ichitaro Government 2006 hasta 2009, y Just School 2008 y 2009 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos relacionado con "el procesamiento de los atributos de las características de un producto" para un documento. • http://jvn.jp/en/jp/JVN17293765/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000024.html http://osvdb.org/65050 http://secunia.com/advisories/40008 http://www.ipa.go.jp/about/press/20100601.html http://www.justsystems.com/jp/info/js10002.html http://www.securityfocus.com/bid/40472 http://www.vupen.com/english/advisories/2010/1283 https://exchange.xforce.ibmcloud.com/vulnerabilities/59037 •