PT-2017-15538 · Justsystems · Justsystems Ichitaro Office

Published

2017-02-24

Updated

2022-04-19

CVE-2017-2790

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions JustSystems Ichitaro Office (affected versions not specified)

Description The issue occurs when processing a specific record type from an Excel file, leading to a heap-based buffer overflow. This can result in code execution under the context of the application. The overflow happens because the application trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-2790

Affected Products

Justsystems Ichitaro Office

PT-2017-15538 · Justsystems · Justsystems Ichitaro Office

CVE-2017-2790

Weakness Enumeration

Related Identifiers

Affected Products

References · 3