CVE-2014-5314

critical

Published 2014-11-24 · Modified 2026-05-06

CVSS v3

—

CVSS v2

9.0

VIR risk

9.0

Description

Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — https://cs.cybozu.co.jp/2014/1110-2.html

Application impact

Vendor	Product	Versions
cybozu	office	`{"endIncluding":"10.0.2"}`
cybozu	office	`9.0`
cybozu	dezie	`{"endIncluding":"8.1.0"}`
cybozu	mailwise	`{"endIncluding":"5.1.3"}`
cybozu	mailwise	`4.0`

References

http://jvn.jp/en/jp/JVN14691234/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130
http://secunia.com/advisories/62248
https://cs.cybozu.co.jp/2014/1110-2.html
http://jvn.jp/en/jp/JVN14691234/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130
http://secunia.com/advisories/62248
https://cs.cybozu.co.jp/2014/1110-2.html

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.