CVE-2007-5687

Sažetak

Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.

Reference

http://jvn.jp/jp/JVN%2329211062/index.html
http://jvn.jp/jp/JVN%2332981509/index.html
http://jvn.jp/jp/JVN%2350495547/index.html
http://osvdb.org/39394
http://secunia.com/advisories/27393
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
http://www.justsystems.com/jp/info/pd7004.html
http://www.securityfocus.com/bid/26206
http://www.vupen.com/english/advisories/2007/3623
https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
https://exchange.xforce.ibmcloud.com/vulnerabilities/38130

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

28-10-2007 - 17:08