Vulnerabilities > CVE-2023-38128 - Out-of-bounds Write vulnerability in Justsystems products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

justsystems

CWE-787

NVD

Published: 2023-10-19

Updated: 2023-10-25

Summary

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Justsystems Justsystems Ichitaro Government 8 - Justsystems Ichitaro PRO 3 - Justsystems Ichitaro 2022 - Justsystems Ichitaro 2021 - Justsystems Easy Postcard MAX - Justsystems Just Office 5 - Justsystems Just Office 4 - Justsystems Just Office 3 - Justsystems Just Government 5 - Justsystems Just Government 4 - Justsystems Just Government 3 - Justsystems Just Police 5 - Justsystems Just Police 4 - Justsystems Just Police 3 - Justsystems Ichitaro PRO 5 - Justsystems Ichitaro PRO 4 - Justsystems Ichitaro Government 10 - Justsystems Ichitaro Government 9 - Justsystems Ichitaro 2023 1.0.1.59372	19

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References