CVE-2017-10870

moderate-risk

Published 2017-11-02

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (14)

Easy Postcard 2016

Ichitaro 2016

Ichitaro 2018

Ichitaro Government 8

Ichitaro Pro 2

Ichitaro Pro 2011

Easy Postcard 2017

Easy Postcard 2018

Ichitaro 2017

Ichitaro 2017 Trial Version

Ichitaro Government 6

Ichitaro Government 7

Ichitaro Pro

Ichitaro Pro 3

Affected Vendors

Justsystems

References (4)

Third Party Advisory https://jvn.jp/en/vu/JVNVU93703434/index.html

Patch https://www.justsystems.com/jp/info/js17003.html

Third Party Advisory https://jvn.jp/en/vu/JVNVU93703434/index.html

Patch https://www.justsystems.com/jp/info/js17003.html

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate