CVE-2007-5687 - OpenCVE

Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Justsystem	Ichitaro

Configuration 1 [-]

OR	cpe:2.3:a:justsystem:ichitaro:11.0:::::::*
	cpe:2.3:a:justsystem:ichitaro:12.0:::::::*
	cpe:2.3:a:justsystem:ichitaro:13.0:::::::*
	cpe:2.3:a:justsystem:ichitaro:2004:::::::*
	cpe:2.3:a:justsystem:ichitaro:2005:::::::*
	cpe:2.3:a:justsystem:ichitaro:2006:::::::*
	cpe:2.3:a:justsystem:ichitaro:linux:::::::*
	cpe:2.3:a:justsystem:ichitaro:lite2:::::::*

No data.

References

Link	Providers
http://jvn.jp/jp/JVN%2329211062/index.html
http://jvn.jp/jp/JVN%2332981509/index.html
http://jvn.jp/jp/JVN%2350495547/index.html
http://osvdb.org/39394
http://secunia.com/advisories/27393
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
http://www.justsystems.com/jp/info/pd7004.html
http://www.securityfocus.com/bid/26206
http://www.vupen.com/english/advisories/2007/3623
https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
https://exchange.xforce.ibmcloud.com/vulnerabilities/38130

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-28T16:00:00

Updated: 2024-08-07T15:39:13.612Z

Reserved: 2007-10-28T00:00:00

Link: CVE-2007-5687

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-28T17:08:00.000

Modified: 2017-07-29T01:33:48.427

Link: CVE-2007-5687

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "justsystems-jstar04-bo(38130)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}, {"name": "26206", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26206"}, {"name": "27393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27393"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"name": "JVN#50495547", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"name": "JVN#29211062", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"name": "39394", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39394"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"name": "justsystems-tjsvda-bo(38129)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"name": "ADV-2007-3623", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"name": "JVN#32981509", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "justsystems-jstar04-bo(38130)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}, {"name": "26206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26206"}, {"name": "27393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27393"}, {"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2", "refsource": "MISC", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"name": "JVN#50495547", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"name": "JVN#29211062", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3", "refsource": "MISC", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"name": "39394", "refsource": "OSVDB", "url": "http://osvdb.org/39394"}, {"name": "http://www.justsystems.com/jp/info/pd7004.html", "refsource": "CONFIRM", "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1", "refsource": "MISC", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"name": "justsystems-tjsvda-bo(38129)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"name": "ADV-2007-3623", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"name": "JVN#32981509", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"name": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html", "refsource": "MISC", "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.612Z"}, "title": "CVE Program Container", "references": [{"name": "justsystems-jstar04-bo(38130)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}, {"name": "26206", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26206"}, {"name": "27393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27393"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"name": "JVN#50495547", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"name": "JVN#29211062", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"name": "39394", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39394"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"name": "justsystems-tjsvda-bo(38129)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"name": "ADV-2007-3623", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"name": "JVN#32981509", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5687", "datePublished": "2007-10-28T16:00:00", "dateReserved": "2007-10-28T00:00:00", "dateUpdated": "2024-08-07T15:39:13.612Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "69A39F16-968A-48E9-907F-36133B6775D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDC262B5-28BE-4EC6-89CC-B013A15CB10C", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "72EFC88E-B6D1-4B8A-ADDD-5B2EF6523FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AF08B2B3-8387-4A91-8866-4C9555901D0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*", "matchCriteriaId": "B4125282-F81C-45E4-B5A3-D5685A859455", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*", "matchCriteriaId": "038FB1DB-00F3-4761-A6F4-551360CF7983", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:linux:*:*:*:*:*:*:*", "matchCriteriaId": "D42AF9B5-D9C7-435B-8FE7-B2DB39CDACC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystem:ichitaro:lite2:*:*:*:*:*:*:*", "matchCriteriaId": "D47648C1-CF81-4C0E-91DE-0773C13AA4D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de procesamiento de texto enriquecido en el JustSystems Ichitaro 2004 hasta el 2007, el 11 hasta el 13 y otras versiones, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la inserci\u00f3n de (1) un largo en el par\u00e1metro pard o (2) un nombre de fuente largo en el campo fcharset0, lo que no es correctamente manejado en el (a) JSTARO4.OCX; o (3) un t\u00edtulo largo, lo que no es correctamente manejado por el (b) TJSVDA.DLL."}], "id": "CVE-2007-5687", "lastModified": "2017-07-29T01:33:48.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-28T17:08:00.000", "references": [{"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2329211062/index.html"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2332981509/index.html"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2350495547/index.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39394"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27393"}, {"source": "cve@mitre.org", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1"}, {"source": "cve@mitre.org", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2"}, {"source": "cve@mitre.org", "url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3"}, {"source": "cve@mitre.org", "url": "http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.justsystems.com/jp/info/pd7004.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26206"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3623"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38129"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38130"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}