Japan Vulnerability Notes (jvn.jp), JVN:50129191
History: Jun 11, 2014 - 12:00 a.m.

JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution


CVSS2: 7.6

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.035
Percentile: 91.6%

“JUST Online Update” and “JUST Online Update for J-License and the management tools” that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid.
Please note that this is a flaw in the online update program, not a flaw in the individual software products themselves.

Impact

If a user executes a crafted update module, arbitrary code may be executed.

Solution

Apply the Update
Update “JUST Online Update” and “JUST Online Update for J-License and management tools” according to the information provided by the developer.

For more information, please refer to the developer’s website.

Products Affected

All the products that bundle the following update program are affected.

  • JUST Online Update (for an individual user)
  • JUST Online Update for J-License and management tools (for a corporate user)

A wide range of products are affected. For more information, please refer to the developer’s website.
