Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10870 | 1 Justsystems | 14 Easy Postcard 2016, Easy Postcard 2017, Easy Postcard 2018 and 11 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file. | |||||
| CVE-2023-38128 | 1 Justsystems | 19 Easy Postcard Max, Ichitaro 2021, Ichitaro 2022 and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-38127 | 1 Justsystems | 19 Easy Postcard Max, Ichitaro 2021, Ichitaro 2022 and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-35126 | 1 Justsystems | 19 Easy Postcard Max, Ichitaro 2021, Ichitaro 2022 and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-34366 | 1 Justsystems | 19 Easy Postcard Max, Ichitaro 2021, Ichitaro 2022 and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability. | |||||
| CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | |||||