7.8
CVE-2023-35126
- EPSS 0.16%
- Published 19.10.2023 17:15:10
- Last modified 21.11.2024 08:07:59
- Source talos-cna@cisco.com
An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Data provided by the National Vulnerability Database (NVD)
Justsystems ≫ Easy Postcard Max Version-
Justsystems ≫ Ichitaro 2021 Version-
Justsystems ≫ Ichitaro 2022 Version-
Justsystems ≫ Ichitaro 2023 Version 1.0.1.59372
Justsystems ≫ Ichitaro Government 10 Version-
Justsystems ≫ Ichitaro Government 8 Version-
Justsystems ≫ Ichitaro Government 9 Version-
Justsystems ≫ Ichitaro Pro 3 Version-
Justsystems ≫ Ichitaro Pro 4 Version-
Justsystems ≫ Ichitaro Pro 5 Version-
Justsystems ≫ Just Government 3 Version-
Justsystems ≫ Just Government 4 Version-
Justsystems ≫ Just Government 5 Version-
Justsystems ≫ Just Office 3 Version-
Justsystems ≫ Just Office 4 Version-
Justsystems ≫ Just Office 5 Version-
Justsystems ≫ Just Police 3 Version-
Justsystems ≫ Just Police 4 Version-
Justsystems ≫ Just Police 5 Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.373 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| talos-cna@cisco.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.