CVE-2007-5687 - OpenCVE

Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Justsystem	Ichitaro

Configuration 1 [-]

OR	cpe:2.3:a:justsystem:ichitaro:11.0:::::::*
	cpe:2.3:a:justsystem:ichitaro:12.0:::::::*
	cpe:2.3:a:justsystem:ichitaro:13.0:::::::*
	cpe:2.3:a:justsystem:ichitaro:2004:::::::*
	cpe:2.3:a:justsystem:ichitaro:2005:::::::*
	cpe:2.3:a:justsystem:ichitaro:2006:::::::*
	cpe:2.3:a:justsystem:ichitaro:linux:::::::*
	cpe:2.3:a:justsystem:ichitaro:lite2:::::::*

References

Link	Resource
http://jvn.jp/jp/JVN%2329211062/index.html
http://jvn.jp/jp/JVN%2332981509/index.html
http://jvn.jp/jp/JVN%2350495547/index.html
http://osvdb.org/39394
http://secunia.com/advisories/27393	Patch Vendor Advisory
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
http://www.justsystems.com/jp/info/pd7004.html	Patch
http://www.securityfocus.com/bid/26206
http://www.vupen.com/english/advisories/2007/3623
https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
https://exchange.xforce.ibmcloud.com/vulnerabilities/38130

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-28T16:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-10-28T00:00:00

Link: CVE-2007-5687

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-28T17:08:00.000

Modified: 2017-07-29T01:33:48.427

Link: CVE-2007-5687

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "justsystems-jstar04-bo(38130)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}, {"name": "26206", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26206"}, {"name": "27393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27393"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"name": "JVN#50495547", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"name": "JVN#29211062", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"name": "39394", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39394"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"name": "justsystems-tjsvda-bo(38129)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"name": "ADV-2007-3623", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"name": "JVN#32981509", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "justsystems-jstar04-bo(38130)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}, {"name": "26206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26206"}, {"name": "27393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27393"}, {"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2", "refsource": "MISC", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"name": "JVN#50495547", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"name": "JVN#29211062", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3", "refsource": "MISC", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"name": "39394", "refsource": "OSVDB", "url": "http://osvdb.org/39394"}, {"name": "http://www.justsystems.com/jp/info/pd7004.html", "refsource": "CONFIRM", "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1", "refsource": "MISC", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"name": "justsystems-tjsvda-bo(38129)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"name": "ADV-2007-3623", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"name": "JVN#32981509", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"name": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html", "refsource": "MISC", "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5687", "datePublished": "2007-10-28T16:00:00", "dateReserved": "2007-10-28T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "69A39F16-968A-48E9-907F-36133B6775D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDC262B5-28BE-4EC6-89CC-B013A15CB10C", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "72EFC88E-B6D1-4B8A-ADDD-5B2EF6523FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AF08B2B3-8387-4A91-8866-4C9555901D0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*", "matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*", "matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:linux:*:*:*:*:*:*:*", "matchCriteriaId": "D42AF9B5-D9C7-435B-8FE7-B2DB39CDACC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:lite2:*:*:*:*:*:*:*", "matchCriteriaId": "D47648C1-CF81-4C0E-91DE-0773C13AA4D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de procesamiento de texto enriquecido en el JustSystems Ichitaro 2004 hasta el 2007, el 11 hasta el 13 y otras versiones, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la inserci\u00f3n de (1) un largo en el par\u00e1metro pard o (2) un nombre de fuente largo en el campo fcharset0, lo que no es correctamente manejado en el (a) JSTARO4.OCX; o (3) un t\u00edtulo largo, lo que no es correctamente manejado por el (b) TJSVDA.DLL."}], "id": "CVE-2007-5687", "lastModified": "2017-07-29T01:33:48.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-28T17:08:00.000", "references": [{"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39394"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27393"}, {"source": "cve@mitre.org", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"source": "cve@mitre.org", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"source": "cve@mitre.org", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"source": "cve@mitre.org", "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26206"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}