Lucene search

[email protected]CVE-2007-6436

HistoryDec 18, 2007 - 8:46 p.m.

CVE-2007-6436

2007-12-1820:46:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-6436

ichitaro

jsgci.dll

buffer overflow

remote code execution

tarodrop.f trojan

8.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.06 Low

EPSS

Percentile

93.5%

JSON

Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
justsystem:ichitarojustsystem ichitaroeq2007
justsystem:ichitarojustsystem ichitaroeq2006
justsystem:ichitarojustsystem ichitaroeq2005

CPE	Name	Operator	Version
justsystem:ichitaro	justsystem ichitaro	eq	2007
justsystem:ichitaro	justsystem ichitaro	eq	2006
justsystem:ichitaro	justsystem ichitaro	eq	2005

References

secunia.com/advisories/27992

www.osvdb.org/39395

www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99

www.vupen.com/english/advisories/2007/4213

exchange.xforce.ibmcloud.com/vulnerabilities/39025

8.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.06 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2007-6436

prion1 cvelist1