CVE-2014-2003
Summary
| CVE | CVE-2014-2003 |
|---|---|
| State | PUBLISHED |
| Assigner | jpcert |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-16 14:55:05 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
HighAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:H/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Justsystems | Ichitaro | 10 | All | All | All |
| Application | Justsystems | Ichitaro | 11 | All | All | All |
| Application | Justsystems | Ichitaro | 12 | All | All | All |
| Application | Justsystems | Ichitaro | 13 | All | All | All |
| Application | Justsystems | Ichitaro | 2004 | All | All | All |
| Application | Justsystems | Ichitaro | 2005 | All | All | All |
| Application | Justsystems | Ichitaro | 2006 | All | All | All |
| Application | Justsystems | Ichitaro | 2006 | - | government | All |
| Application | Justsystems | Ichitaro | 2007 | All | All | All |
| Application | Justsystems | Ichitaro | 2007 | - | government | All |
| Application | Justsystems | Ichitaro | 2008 | All | All | All |
| Application | Justsystems | Ichitaro | 2008 | - | government | All |
| Application | Justsystems | Ichitaro | 2009 | All | All | All |
| Application | Justsystems | Ichitaro | 2009 | - | government | All |
| Application | Justsystems | Ichitaro | 2009 | - | trial | All |
| Application | Justsystems | Ichitaro | 2010 | All | All | All |
| Application | Justsystems | Ichitaro | 2010 | - | government | All |
| Application | Justsystems | Ichitaro | 2011 | All | All | All |
| Application | Justsystems | Ichitaro | 2011 | - | sou | All |
| Application | Justsystems | Ichitaro | 2012 | - | shou | All |
| Application | Justsystems | Ichitaro | 2013 | - | gen | All |
| Application | Justsystems | Ichitaro | 2013 | - | gen_trial | All |
| Application | Justsystems | Ichitaro | All | All | All | All |
| Application | Justsystems | Just Online Update | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [JS14002]ジャストシステム商品に添付のオンラインアップデート機能の脆弱性対策 | お知らせ | ジャストシステム | af854a3a-2127-422b-91ae-364da2661108 | www.justsystems.com | Vendor Advisory |
| 複数のジャストシステム製品同梱の「オンラインアップデートプログラム」に任意のコード実行可能な脆弱性について(JVN#50129191):IPA 独立行政法人 情報処理推進機構 | af854a3a-2127-422b-91ae-364da2661108 | www.ipa.go.jp | |
| JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution | af854a3a-2127-422b-91ae-364da2661108 | jvn.jp | |
| jvndb.jvn.jp/jvndb/JVNDB-2014-000053 | af854a3a-2127-422b-91ae-364da2661108 | jvndb.jvn.jp | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.