Description
JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.justsystems.com/jp/info/js14002.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN50129191/index.html
Various Sources x_refsource_misc
http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html
Scores
EPSS
0.0359
EPSS Percentile
88.1%
Details
CWE
CWE-20
Status
published
Products (16)
justsystems/ichitaro
10
justsystems/ichitaro
11
justsystems/ichitaro
12
justsystems/ichitaro
13
justsystems/ichitaro
2004
justsystems/ichitaro
2005
justsystems/ichitaro
2006 (2 CPE variants)
justsystems/ichitaro
2007 (2 CPE variants)
justsystems/ichitaro
2008 (2 CPE variants)
justsystems/ichitaro
2009 (3 CPE variants)
... and 6 more
Published
Jun 16, 2014
Tracked Since
Feb 18, 2026