CVE-2017-10870

EUVD-2017-2510

02.11.2017, 15:29

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Affected Products (NVD)

Vendor	Product	Version
justsystems	easy_postcard_2016	-
justsystems	easy_postcard_2017	-
justsystems	easy_postcard_2018	-
justsystems	ichitaro_2016	-
justsystems	ichitaro_2017	-
justsystems	ichitaro_2017_trial_version	-
justsystems	ichitaro_2018	-
justsystems	ichitaro_government_6	-
justsystems	ichitaro_government_7	-
justsystems	ichitaro_government_8	-
justsystems	ichitaro_pro	-
justsystems	ichitaro_pro_2	-
justsystems	ichitaro_pro_2011	-
justsystems	ichitaro_pro_3	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://jvn.jp/en/vu/JVNVU93703434/index.html

https://www.justsystems.com/jp/info/js17003.html

https://jvn.jp/en/vu/JVNVU93703434/index.html

https://www.justsystems.com/jp/info/js17003.html