Lucene search

JpcertCVE-2017-10870

HistoryNov 02, 2017 - 3:29 p.m.

CVE-2017-10870

2017-11-0215:29:00

CWE-119

jpcert

web.nvd.nist.gov

#vulnerability

#rakurakuhagaki

#ichitaro

#arbitrarycodeexecution

#memorycorruption

#nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.4%

JSON

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.

Affected configurations

Nvd

Vulners

Node

justsystemseasy_postcard_2016Match-

justsystemseasy_postcard_2017Match-

justsystemseasy_postcard_2018Match-

justsystemsichitaro_2016Match-

justsystemsichitaro_2017Match-

justsystemsichitaro_2017_trial_versionMatch-

justsystemsichitaro_2018Match-

justsystemsichitaro_government_6Match-

justsystemsichitaro_government_7Match-

justsystemsichitaro_government_8Match-

justsystemsichitaro_proMatch-

justsystemsichitaro_pro_2Match-

justsystemsichitaro_pro_2011Match-

justsystemsichitaro_pro_3Match-

VendorProductVersionCPE
justsystemseasy_postcard_2016-cpe:2.3:a:justsystems:easy_postcard_2016:-:*:*:*:*:*:*:*
justsystemseasy_postcard_2017-cpe:2.3:a:justsystems:easy_postcard_2017:-:*:*:*:*:*:*:*
justsystemseasy_postcard_2018-cpe:2.3:a:justsystems:easy_postcard_2018:-:*:*:*:*:*:*:*
justsystemsichitaro_2016-cpe:2.3:a:justsystems:ichitaro_2016:-:*:*:*:*:*:*:*
justsystemsichitaro_2017-cpe:2.3:a:justsystems:ichitaro_2017:-:*:*:*:*:*:*:*
justsystemsichitaro_2017_trial_version-cpe:2.3:a:justsystems:ichitaro_2017_trial_version:-:*:*:*:*:*:*:*
justsystemsichitaro_2018-cpe:2.3:a:justsystems:ichitaro_2018:-:*:*:*:*:*:*:*
justsystemsichitaro_government_6-cpe:2.3:a:justsystems:ichitaro_government_6:-:*:*:*:*:*:*:*
justsystemsichitaro_government_7-cpe:2.3:a:justsystems:ichitaro_government_7:-:*:*:*:*:*:*:*
justsystemsichitaro_government_8-cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystems	easy_postcard_2016	-	cpe:2.3:a:justsystems:easy_postcard_2016:-:::::::*
justsystems	easy_postcard_2017	-	cpe:2.3:a:justsystems:easy_postcard_2017:-:::::::*
justsystems	easy_postcard_2018	-	cpe:2.3:a:justsystems:easy_postcard_2018:-:::::::*
justsystems	ichitaro_2016	-	cpe:2.3:a:justsystems:ichitaro_2016:-:::::::*
justsystems	ichitaro_2017	-	cpe:2.3:a:justsystems:ichitaro_2017:-:::::::*
justsystems	ichitaro_2017_trial_version	-	cpe:2.3:a:justsystems:ichitaro_2017_trial_version:-:::::::*
justsystems	ichitaro_2018	-	cpe:2.3:a:justsystems:ichitaro_2018:-:::::::*
justsystems	ichitaro_government_6	-	cpe:2.3:a:justsystems:ichitaro_government_6:-:::::::*
justsystems	ichitaro_government_7	-	cpe:2.3:a:justsystems:ichitaro_government_7:-:::::::*
justsystems	ichitaro_government_8	-	cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "Rakuraku Hagaki",
    "vendor": "Justsystem",
    "versions": [
      {
        "status": "affected",
        "version": "Rakuraku Hagaki 2018"
      },
      {
        "status": "affected",
        "version": "Rakuraku Hagaki 2017"
      },
      {
        "status": "affected",
        "version": "Rakuraku Hagaki 2016"
      }
    ]
  },
  {
    "product": "Rakuraku Hagaki Select for Ichitaro",
    "vendor": "Justsystem",
    "versions": [
      {
        "status": "affected",
        "version": "Ichitaro 2017"
      },
      {
        "status": "affected",
        "version": "Ichitaro 2016"
      },
      {
        "status": "affected",
        "version": "Ichitaro 2015"
      },
      {
        "status": "affected",
        "version": "Ichitaro Pro3"
      },
      {
        "status": "affected",
        "version": "Ichitaro Pro2"
      },
      {
        "status": "affected",
        "version": "Ichitaro Pro"
      },
      {
        "status": "affected",
        "version": "Ichitaro 2011"
      },
      {
        "status": "affected",
        "version": "Ichitaro Government 8"
      },
      {
        "status": "affected",
        "version": "Ichitaro Government 7"
      },
      {
        "status": "affected",
        "version": "Ichitaro Government 6"
      },
      {
        "status": "affected",
        "version": "Ichitaro 2017 Trial version"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU93703434/index.html

www.justsystems.com/jp/info/js17003.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.4%

JSON

Related for CVE-2017-10870