CVE-2007-5687
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
| Software | From | Fixed in |
|---|---|---|
| justsystem / ichitaro | lite2 | lite2.x |
| justsystem / ichitaro | linux | linux.x |
| justsystem / ichitaro | 11.0 | 11.0.x |
| justsystem / ichitaro | 2006 | 2006.x |
| justsystem / ichitaro | 2005 | 2005.x |
| justsystem / ichitaro | 12.0 | 12.0.x |
| justsystem / ichitaro | 13.0 | 13.0.x |
| justsystem / ichitaro | 2004 | 2004.x |
- http://jvn.jp/jp/JVN%2329211062/index.html
- http://jvn.jp/jp/JVN%2332981509/index.html
- http://jvn.jp/jp/JVN%2350495547/index.html
- http://osvdb.org/39394
- http://secunia.com/advisories/27393
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
- http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
- http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
- http://www.justsystems.com/jp/info/pd7004.html
- http://www.securityfocus.com/bid/26206
- http://www.vupen.com/english/advisories/2007/3623
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38130
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime