CVE-2023-38128
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Affected (19)
Products: Justsystems: Easy Postcard Max, Ichitaro 2021, Ichitaro 2022, Ichitaro 2023, Ichitaro Government 10, Ichitaro Government 8, Ichitaro Government 9, Ichitaro Pro 3, Ichitaro Pro 4, Ichitaro Pro 5, Just Government 3, Just Government 4, Just Government 5, Just Office 3, Just Office 4, Just Office 5, Just Police 3, Just Police 4, Just Police 5
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| Version 1.0.1.59372 | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Related CWEs
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
References (6)
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.