An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit Third Party Advisory |
https://jvn.jp/en/jp/JVN28846531/index.html | Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 18:15
Updated : 2024-11-21 08:12
NVD link : CVE-2023-38128
Mitre link : CVE-2023-38128
CVE.ORG link : CVE-2023-38128
JSON object : View
Products Affected
justsystems
- ichitaro_government_9
- ichitaro_2023
- easy_postcard_max
- ichitaro_pro_4
- just_police_4
- just_police_3
- just_government_5
- just_government_4
- just_office_4
- ichitaro_government_10
- ichitaro_2021
- just_office_3
- just_office_5
- ichitaro_pro_3
- ichitaro_2022
- ichitaro_pro_5
- just_government_3
- just_police_5
- ichitaro_government_8