HIGH🇬🇧 English

CVE-2017-2789

CVSS 8.8v3.0pub. 2017-02-24upd. 2026-05-13

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Justsystems Ichitaro

    APP
    Justsystems
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2017-2790HIGH8.8ten sam produkt

When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro O...

CVE-2017-2791HIGH7.5ten sam produkt

JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted P...

CVE-2014-7247HIGH10.0ten sam produkt

Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and...

CVE-2014-2003HIGH7.6ten sam produkt

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validat...

CVE-2013-5990HIGH9.3ten sam produkt

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 throug...