An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Oct 2023, 14:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:* cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:* |
|
References | (MISC) https://jvn.jp/en/jp/JVN28846531/index.html - Third Party Advisory | |
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 - Exploit, Third Party Advisory | |
References | (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 - Exploit, Third Party Advisory | |
First Time |
Justsystems ichitaro Government 9
Justsystems Justsystems ichitaro 2022 Justsystems just Government 4 Justsystems ichitaro 2021 Justsystems easy Postcard Max Justsystems just Government 3 Justsystems just Government 5 Justsystems just Office 4 Justsystems ichitaro Pro 4 Justsystems ichitaro Pro 3 Justsystems just Police 3 Justsystems ichitaro 2023 Justsystems ichitaro Government 8 Justsystems just Office 5 Justsystems just Police 5 Justsystems just Police 4 Justsystems just Office 3 Justsystems ichitaro Pro 5 Justsystems ichitaro Government 10 |
20 Oct 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Oct 2023, 19:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 18:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-38128
Mitre link : CVE-2023-38128
CVE.ORG link : CVE-2023-38128
JSON object : View
Products Affected
justsystems
- ichitaro_government_9
- easy_postcard_max
- just_police_3
- just_government_4
- ichitaro_2021
- ichitaro_2023
- just_police_4
- just_police_5
- ichitaro_government_10
- ichitaro_pro_4
- just_office_4
- just_office_3
- just_office_5
- ichitaro_government_8
- ichitaro_2022
- just_government_3
- just_government_5
- ichitaro_pro_5
- ichitaro_pro_3