7.8
CVE-2017-10870
- EPSS 0.34%
- Veröffentlicht 02.11.2017 15:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginMemory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Justsystems ≫ Easy Postcard 2016 Version-
Justsystems ≫ Easy Postcard 2017 Version-
Justsystems ≫ Easy Postcard 2018 Version-
Justsystems ≫ Ichitaro 2016 Version-
Justsystems ≫ Ichitaro 2017 Version-
Justsystems ≫ Ichitaro 2017 Trial Version Version-
Justsystems ≫ Ichitaro 2018 Version-
Justsystems ≫ Ichitaro Government 6 Version-
Justsystems ≫ Ichitaro Government 7 Version-
Justsystems ≫ Ichitaro Government 8 Version-
Justsystems ≫ Ichitaro Pro Version-
Justsystems ≫ Ichitaro Pro 2 Version-
Justsystems ≫ Ichitaro Pro 2011 Version-
Justsystems ≫ Ichitaro Pro 3 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.562 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.