CVE-2014-7247
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — http://www.justsystems.com/jp/info/js14003.html
Vendor advisory: vultures@jpcert.or.jp — http://jvndb.jvn.jp/jvndb/JVNDB-2014-000131
Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN16318793/index.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| justsystems | ichitaro | 6 | |
| justsystems | ichitaro | 7 | |
| justsystems | ichitaro | 2008 | |
| justsystems | ichitaro | 2009 | |
| justsystems | ichitaro | 2010 | |
| justsystems | ichitaro | 2011 | |
| justsystems | ichitaro | 2012 | |
| justsystems | ichitaro | 2013 | |
| justsystems | ichitaro | 2014 | |
| justsystems | ichitaro_pro | - | |
| justsystems | ichitaro_pro | 2 | |
References
CWEs
CWE-19
Verify integrity in audit chain (admin only). AS-IS.