Vulnerability Details CVE-2007-5687
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.221
EPSS Ranking 95.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://jvn.jp/jp/JVN%2329211062/index.html
- http://jvn.jp/jp/JVN%2332981509/index.html
- http://jvn.jp/jp/JVN%2350495547/index.html
- http://osvdb.org/39394
- http://secunia.com/advisories/27393
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
- http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
- http://www.justsystems.com/jp/info/pd7004.html
- http://www.securityfocus.com/bid/26206
- http://www.vupen.com/english/advisories/2007/3623
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38130
- http://jvn.jp/jp/JVN%2329211062/index.html
- http://jvn.jp/jp/JVN%2332981509/index.html
- http://jvn.jp/jp/JVN%2350495547/index.html
- http://osvdb.org/39394
- http://secunia.com/advisories/27393
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
- http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
- http://www.justsystems.com/jp/info/pd7004.html
- http://www.securityfocus.com/bid/26206
- http://www.vupen.com/english/advisories/2007/3623
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38130
Products affected by CVE-2007-5687
-
cpe:2.3:a:justsystem:ichitaro:11.0
-
cpe:2.3:a:justsystem:ichitaro:12.0
-
cpe:2.3:a:justsystem:ichitaro:13.0
-
cpe:2.3:a:justsystem:ichitaro:2004
-
cpe:2.3:a:justsystem:ichitaro:2005
-
cpe:2.3:a:justsystem:ichitaro:2006
-
cpe:2.3:a:justsystem:ichitaro:linux
-
cpe:2.3:a:justsystem:ichitaro:lite2