Vulnerability CVE-2014-2003


Published: 2014-06-16

Description:
JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.

Type:
CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.6/10
Impact Subscore: 10/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Justsystems -> Ichitaro 
Justsystems -> Just online update 

 References:
http://www.justsystems.com/jp/info/js14002.html
http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053
http://jvn.jp/en/jp/JVN50129191/index.html
