CVE-2017-2789 - Vulnerability Details - OpenCVE

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Justsystems	Ichitaro

Configuration 1 [-]

cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96438
http://www.talosintelligence.com/reports/TALOS-2016-0196/

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2017-02-24T22:00:00

Updated: 2024-08-05T14:02:07.828Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2789

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-02-24T22:59:00.153

Modified: 2024-11-21T03:24:09.400

Link: CVE-2017-2789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Ichitaro", "vendor": "JustSystems", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:22:12", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "96438", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96438"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2017-2789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ichitaro", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "JustSystems"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application."}]}, "impact": {"cvss": {"baseScore": 8.8, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote code execution"}]}]}, "references": {"reference_data": [{"name": "96438", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96438"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0196/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.828Z"}, "title": "CVE Program Container", "references": [{"name": "96438", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96438"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2017-2789", "datePublished": "2017-02-24T22:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:07.828Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*", "matchCriteriaId": "869571E4-7544-48EE-9839-927A3F6315E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application."}, {"lang": "es", "value": "Cuando se copian datos de archivos en un b\u00fafer, JustSystems Ichitaro Office 2016 Trial calcular\u00e1 dos valores para determinar cuantos datos copiar desde el documento. Si ambos valores son m\u00e1s grandes que el tama\u00f1o del b\u00fafer, la aplicaci\u00f3n escoger\u00e1 el m\u00e1s peque\u00f1o de los dos y confiar\u00e1 en \u00e9l para copiar datos desde el archivo. Este valor es mayor que el tama\u00f1o de b\u00fafer, lo que conduce a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica. Este desbordamiento corrompe un desplazamiento en la memoria din\u00e1mica utilizada en la aritm\u00e9tica de puntero para escribir datos y puede conducir a ejecuci\u00f3n de c\u00f3digo bajo el contexto de la aplicaci\u00f3n."}], "id": "CVE-2017-2789", "lastModified": "2024-11-21T03:24:09.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-24T22:59:00.153", "references": [{"source": "talos-cna@cisco.com", "url": "http://www.securityfocus.com/bid/96438"}, {"source": "talos-cna@cisco.com", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}