NVD

Id
82537  
Name
CVE-2017-2789  
Description
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-03-18  
Published
2017-02-24  
Modified Date
2017-03-02  
Seq
2017-2789  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
65563 JVNDB-2017-001926 ジャストシステムの一太郎 Office におけるヒープベースのバッファオーバーフローの脆弱性 ジャストシステムの一太郎 Office には、ファイルデータをバッファにコピーする際、ヒープベースのバッファオーバーフローの脆弱性が存在します。 CVE-2017-2789 CVE-2017-2789 82537 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-001926.html 2017-02-24 2017-03-23 View