CVE-2007-6436

Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.

Published: Dec 18, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6436
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
justsystem / ichitaro	2007	2007.x
justsystem / ichitaro	2006	2006.x
justsystem / ichitaro	2005	2005.x

http://secunia.com/advisories/27992
http://www.osvdb.org/39395
http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99
http://www.vupen.com/english/advisories/2007/4213
https://exchange.xforce.ibmcloud.com/vulnerabilities/39025

Vulnerability Database

289,697

CVE-2007-6436