CVE-2017-10870

HIGH

Justsystems Easy Postcard 2016 - Memory Corruption

Title source: rule
STIX 2.1

Description

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/en/vu/JVNVU93703434/index.html
Patch, Vendor Advisory x_refsource_misc
https://www.justsystems.com/jp/info/js17003.html

Scores

CVSS v3 7.8
EPSS 0.0131
EPSS Percentile 67.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (28)
Justsystem/Rakuraku Hagaki Rakuraku Hagaki 2016
Justsystem/Rakuraku Hagaki Rakuraku Hagaki 2017
Justsystem/Rakuraku Hagaki Rakuraku Hagaki 2018
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro 2011
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro 2015
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro 2016
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro 2017
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro 2017 Trial version
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro Government 6
Justsystem/Rakuraku Hagaki Select for Ichitaro Ichitaro Government 7
... and 18 more
Published Nov 02, 2017
Tracked Since Feb 18, 2026