SNS Advisory No.91
ICHITARO 2006 Document Property Buffer Overflow Vulnerability
Discovered on: 30 Aug 2006
Released on: 18 Oct 2006
Severity:
Medium
Overview:
Ichitaro 2006 has a vulnerability in its handling of the string length specified in the document property. This could result in a buffer overflow condition, and arbitrary code could be executed.
Description:
In Ichitaro 2006, document properties, including "Keyword" and "Title", can be specified in a created document.
The specified string length, however, is not handled properly due to a vulnerability in the handling of the document property.
The buffer overflow occurs when malformed document data is loaded into Ichitaro 2006 and the user is made to display the document property. This could eventually result in execution of arbitrary code.
Affected Products and Versions:
Ichitaro 2006
Ichitaro 2006 trial edition
Ichitaro Government 2006
Solution:
The vulnerability can be fixed by installing the security update module, which is available at:
http://www.justsystem.co.jp/info/pd6004.html
Discovered by:
Yuu Arai (LAC)
Thanks to:
This LAC Advisory is released in coordination with Information-technology Promotion Agency, Japan (IPA) and Japan Computer Emergency Response Team Coordination Center (JPCERT/CC).
http://jvn.jp/jp/JVN%2390815371/index.html
http://www.ipa.go.jp/security/vuln/documents/2006/JVN_90815371_ichitaro.html
Disclaimer:
The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible for any claims, losses or damages caused by the use of information provided here.
This advisory is available at the following URL:
http://www.lac.co.jp/english/advisory/91_e.html

