CVE-2014-2003

JustSystems JUST Online Update - RCE

Title source: llm
STIX 2.1

Description

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.justsystems.com/jp/info/js14002.html
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN50129191/index.html

Scores

EPSS 0.0359
EPSS Percentile 88.1%

Details

CWE
CWE-20
Status published
Products (16)
justsystems/ichitaro 10
justsystems/ichitaro 11
justsystems/ichitaro 12
justsystems/ichitaro 13
justsystems/ichitaro 2004
justsystems/ichitaro 2005
justsystems/ichitaro 2006 (2 CPE variants)
justsystems/ichitaro 2007 (2 CPE variants)
justsystems/ichitaro 2008 (2 CPE variants)
justsystems/ichitaro 2009 (3 CPE variants)
... and 6 more
Published Jun 16, 2014
Tracked Since Feb 18, 2026