CRITICAL🇵🇱 Wersja polska

CVE-2022-36344

CVSS 9.8v3.1pub. 2022-08-16upd. 2024-11-21

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Justsystems Atok Medical 2

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Atok Medical 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Atok Pro 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Atok Pro 4

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Atok Pro 5

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Hanako Police 5

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Hanako Police 6

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Hanako Police 7

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Hanako Pro 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Hanako Pro 4

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Hanako Pro 5

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Homepage Builder 20

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Homepage Builder 21

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Homepage Builder 22

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Ichitaro Government 10

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Ichitaro Government 8

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Ichitaro Government 9

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Ichitaro Pro 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Ichitaro Pro 4

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Ichitaro Pro 5

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Calc 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Calc 4

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Calc 5

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Focus 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Focus 4

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Frontier 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Government 2

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Government 3

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Government 4

    APP
    Justsystems
    wszystkie wersje
  • Justsystems Just Government 5

    APP
    Justsystems
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-34366HIGH7.8ten sam produkt

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372....

CVE-2023-35126HIGH7.8ten sam produkt

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "Document...

CVE-2023-38127HIGH7.8ten sam produkt

An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially cra...

CVE-2023-38128HIGH7.8ten sam produkt

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372...

CVE-2017-10870HIGH7.8ten sam produkt

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagak...