CVE-2014-2003

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.

Published: Jun 16, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2003
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
justsystems / ichitaro	2009	2009.x
justsystems / ichitaro	13	13.x
justsystems / ichitaro	2012	2012.x
justsystems / ichitaro	2006	2006.x
justsystems / ichitaro	2011	2011.x
justsystems / ichitaro	-	2014.x
justsystems / ichitaro	2008	2008.x
justsystems / ichitaro	2005	2005.x
justsystems / ichitaro	10	10.x
justsystems / ichitaro	12	12.x
justsystems / ichitaro	2010	2010.x
justsystems / ichitaro	2013	2013.x
justsystems / ichitaro	2007	2007.x
justsystems / ichitaro	11	11.x
justsystems / ichitaro	2004	2004.x

http://jvn.jp/en/jp/JVN50129191/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053
http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html
http://www.justsystems.com/jp/info/js14002.html

Vulnerability Database

289,697

CVE-2014-2003