CVE-2007-5687

JustSystems Ichitaro 2004-2007, 11-13 - Buffer Overflow via Rich Text Processing

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.

References (14)

Core 14
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38130
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26206
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27393
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/jp/JVN%2350495547/index.html
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/jp/JVN%2329211062/index.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39394
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3623
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/jp/JVN%2332981509/index.html

Scores

EPSS 0.0574
EPSS Percentile 92.2%

Details

CWE
CWE-119
Status published
Products (8)
justsystem/ichitaro 11.0
justsystem/ichitaro 12.0
justsystem/ichitaro 13.0
justsystem/ichitaro 2004
justsystem/ichitaro 2005
justsystem/ichitaro 2006
justsystem/ichitaro linux
justsystem/ichitaro lite2
Published Oct 28, 2007
Tracked Since Feb 18, 2026