Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Justsystems Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36344 1 Justsystems 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more 2022-08-23 N/A 9.8 CRITICAL
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
CVE-2022-1542 1 Justsystems 1 Hpb Dashboard 2022-06-08 3.5 LOW 4.8 MEDIUM
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2017-2789 1 Justsystems 1 Ichitaro 2022-04-19 7.5 HIGH 9.8 CRITICAL
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.
CVE-2017-2791 1 Justsystems 1 Ichitaro 2022-04-19 6.8 MEDIUM 7.8 HIGH
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application.
CVE-2017-2790 1 Justsystems 1 Ichitaro 2022-04-19 7.5 HIGH 9.8 CRITICAL
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application.
CVE-2012-1242 1 Justsystems 7 Ichitaro, Ichitaro Portable With Oreplug, Ichitaro Viewer and 4 more 2017-12-13 6.9 MEDIUM N/A
Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2017-10870 1 Justsystems 14 Easy Postcard 2016, Easy Postcard 2017, Easy Postcard 2018 and 11 more 2017-11-22 6.8 MEDIUM 7.8 HIGH
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.
CVE-2011-1331 1 Justsystems 4 Ichitaro, Ichitaro Portable, Ichitaro Pro and 1 more 2017-08-16 9.3 HIGH N/A
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.
CVE-2010-3916 1 Justsystems 1 Ichitaro 2017-08-16 9.3 HIGH N/A
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.
CVE-2010-3915 1 Justsystems 1 Ichitaro 2017-08-16 9.3 HIGH N/A
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916.
CVE-2010-2152 1 Justsystems 2 Ichitaro, Just School 2017-08-16 9.3 HIGH N/A
Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document.
CVE-2009-4737 1 Justsystems 2 Ichitaro, Ichitaro Viewer 2017-08-16 9.3 HIGH N/A
Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter."
CVE-2008-3919 1 Justsystems 1 Ichitaro 2017-08-07 9.3 HIGH N/A
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
CVE-2017-2154 1 Justsystems 9 Hanako, Hanako Police, Hanako Pro and 6 more 2017-05-11 6.8 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2014-7247 1 Justsystems 2 Ichitaro, Ichitaro Pro 2015-02-24 10.0 HIGH N/A
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.
CVE-2014-2003 1 Justsystems 2 Ichitaro, Just Online Update 2014-06-16 7.6 HIGH N/A
JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
CVE-2014-0810 1 Justsystems 1 Sanshiro 2014-01-29 7.5 HIGH N/A
Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-5990 1 Justsystems 4 Ichitaro, Ichitaro Portable With Oreplug, Ichitaro Pro and 1 more 2013-11-14 9.3 HIGH N/A
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro Pro; Ichitaro Pro 2 and Pro 2 Trial Edition; Ichitaro Viewer; and Ichitaro Portable with oreplug allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-3644 1 Justsystems 4 Ichitaro, Ichitaro Just School, Ichitaro Portable and 1 more 2013-06-18 10.0 HIGH N/A
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2012-4016 2 Google, Justsystems 2 Android, Atok 2013-03-01 4.3 MEDIUM N/A
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.