Lucene search

MitreCVE-2006-4326

HistoryAug 24, 2006 - 1:04 a.m.

CVE-2006-4326

2006-08-2401:04:00

CWE-119

mitre

web.nvd.nist.gov

vulnerability

buffer overflow

ichitaro

remote code execution

cve-2006-4326

justsystem

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.309

Percentile

97.0%

JSON

Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information.

Affected configurations

Nvd

Node

justsystemformliner

justsystemichitaroMatch9.0

justsystemichitaroMatch10.0

justsystemichitaroMatch11.0

justsystemichitaroMatch12.0

justsystemichitaroMatch13.0

justsystemichitaroMatch2004

justsystemichitaroMatch2005

justsystemichitaroMatch2006

justsystemichitaro_governmentMatch2006

VendorProductVersionCPE
justsystemformliner*cpe:2.3:a:justsystem:formliner:*:*:*:*:*:*:*:*
justsystemichitaro9.0cpe:2.3:a:justsystem:ichitaro:9.0:*:*:*:*:*:*:*
justsystemichitaro10.0cpe:2.3:a:justsystem:ichitaro:10.0:*:*:*:*:*:*:*
justsystemichitaro11.0cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:*
justsystemichitaro12.0cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:*
justsystemichitaro13.0cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:*
justsystemichitaro2004cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:*
justsystemichitaro2005cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*
justsystemichitaro2006cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*
justsystemichitaro_government2006cpe:2.3:a:justsystem:ichitaro_government:2006:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystem	formliner	*	cpe:2.3:a:justsystem:formliner::::::::
justsystem	ichitaro	9.0	cpe:2.3:a:justsystem:ichitaro:9.0:::::::*
justsystem	ichitaro	10.0	cpe:2.3:a:justsystem:ichitaro:10.0:::::::*
justsystem	ichitaro	11.0	cpe:2.3:a:justsystem:ichitaro:11.0:::::::*
justsystem	ichitaro	12.0	cpe:2.3:a:justsystem:ichitaro:12.0:::::::*
justsystem	ichitaro	13.0	cpe:2.3:a:justsystem:ichitaro:13.0:::::::*
justsystem	ichitaro	2004	cpe:2.3:a:justsystem:ichitaro:2004:::::::*
justsystem	ichitaro	2005	cpe:2.3:a:justsystem:ichitaro:2005:::::::*
justsystem	ichitaro	2006	cpe:2.3:a:justsystem:ichitaro:2006:::::::*
justsystem	ichitaro_government	2006	cpe:2.3:a:justsystem:ichitaro_government:2006:::::::*

References

secunia.com/advisories/21552

www.justsystem.co.jp/info/pd6002.html

www.securityfocus.com/bid/19550

www.symantec.com/enterprise/security_response/weblog/2006/08/justsystems_ichitaro_0day_used.html

www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081615-5201-99

www.vupen.com/english/advisories/2006/3332

exchange.xforce.ibmcloud.com/vulnerabilities/28484

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.309

Percentile

97.0%

JSON

Related for CVE-2006-4326