Vulnerability Information Overview Vulnerability Identifier Identifier: JVNDB-2014-000131 Vulnerability Summary Title: Ichitaro series vulnerable to arbitrary code execution Description: The "Ichitaro" series word processing software, developed by JustSystems Corporation, contains a vulnerability that may allow arbitrary code execution. This vulnerability is distinct from other issues previously reported on JVN. CVSS Severity CVSS V2 Severity: 9.3 (High) Base Metrics: - Access Vector: Network - Access Complexity: Medium - Authentication: None - Confidentiality Impact: Complete 着 Integrity Impact: Complete - Availability Impact: Complete Affected Products Vendor: JustSystems Corporation Product List: - Ichitaro 2008, Ichitaro Government 2008 - Ichitaro 2009, Ichitaro Government 2009 - Ichitaro 2010, Ichitaro Government 2010 - Ichitaro 2011 Sou / Ichitaro 2011 - Ichitaro 2012 Shou - Ichitaro 2013 Gen - Ichitaro 2014 Tetsu - Ichitaro 2014 Tetsu Trial Edition - Ichitaro Government 6 - Ichitaro Government 7 - Ichitaro Pro - Ichitaro Pro 2 - Ichitaro Pro 2 Trial Edition Impact and Solution Impact: When a user opens a specially crafted file, arbitrary code may be executed. Solution: Update the software. Apply the appropriate update module as specified by the vendor. Vendor Information Vendor Name: JustSystems Corporation Vendor URL: [JUST SYSTEM Corporation] (JS14003) Vulnerability in Ichitaro may allow arbitrary code execution (in Japanese) CWE & CVE CWE: No Mapping (CWE-noinfo) CVE: CVE-2014-7247 References 1. JVN: JVN#16318793 2. NVD: CVE-2014-7247 3. IPA SECURITY ALERTS: Security Alert for Ichitaro series vulnerable to arbitrary code execution (JVN#16318793) (in Japanese) Update History [2014/11/13]: Web page was published [2014/11/27]: References were added