CVE-2014-2003

Summary

CVE	CVE-2014-2003
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-06-16 14:55:00 UTC
Updated	2014-06-16 16:43:00 UTC
Description	JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Justsystems	Ichitaro	10	All	All	All
Application	Justsystems	Ichitaro	11	All	All	All
Application	Justsystems	Ichitaro	12	All	All	All
Application	Justsystems	Ichitaro	13	All	All	All
Application	Justsystems	Ichitaro	2004	All	All	All
Application	Justsystems	Ichitaro	2005	All	All	All
Application	Justsystems	Ichitaro	2006	All	All	All
Application	Justsystems	Ichitaro	2006	-	government	All
Application	Justsystems	Ichitaro	2007	All	All	All
Application	Justsystems	Ichitaro	2007	-	government	All
Application	Justsystems	Ichitaro	2008	All	All	All
Application	Justsystems	Ichitaro	2008	-	government	All
Application	Justsystems	Ichitaro	2009	All	All	All
Application	Justsystems	Ichitaro	2009	-	government	All
Application	Justsystems	Ichitaro	2009	-	trial	All
Application	Justsystems	Ichitaro	2010	All	All	All
Application	Justsystems	Ichitaro	2010	-	government	All
Application	Justsystems	Ichitaro	2011	All	All	All
Application	Justsystems	Ichitaro	2011	-	sou	All
Application	Justsystems	Ichitaro	2012	-	shou	All
Application	Justsystems	Ichitaro	2013	-	gen	All
Application	Justsystems	Ichitaro	2013	-	gen_trial	All
Application	Justsystems	Ichitaro	10	All	All	All
Application	Justsystems	Ichitaro	11	All	All	All
Application	Justsystems	Ichitaro	12	All	All	All
Application	Justsystems	Ichitaro	13	All	All	All
Application	Justsystems	Ichitaro	2004	All	All	All
Application	Justsystems	Ichitaro	2005	All	All	All
Application	Justsystems	Ichitaro	2006	All	All	All
Application	Justsystems	Ichitaro	2006	-	government	All
Application	Justsystems	Ichitaro	2007	All	All	All
Application	Justsystems	Ichitaro	2007	-	government	All
Application	Justsystems	Ichitaro	2008	All	All	All
Application	Justsystems	Ichitaro	2008	-	government	All
Application	Justsystems	Ichitaro	2009	All	All	All
Application	Justsystems	Ichitaro	2009	-	government	All
Application	Justsystems	Ichitaro	2009	-	trial	All
Application	Justsystems	Ichitaro	2010	All	All	All
Application	Justsystems	Ichitaro	2010	-	government	All
Application	Justsystems	Ichitaro	2011	All	All	All
Application	Justsystems	Ichitaro	2011	-	sou	All
Application	Justsystems	Ichitaro	2012	-	shou	All
Application	Justsystems	Ichitaro	2013	-	gen	All
Application	Justsystems	Ichitaro	2013	-	gen_trial	All
Application	Justsystems	Ichitaro	All	All	All	All
Application	Justsystems	Just Online Update	-	All	All	All
Application	Justsystems	Just Online Update	-	All	All	All

References

Reference	Source	Link	Tags
JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution	JVN	jvn.jp
JVNDB-2014-000053	JVNDB	jvndb.jvn.jp
複数のジャストシステム製品同梱の「オンラインアップデートプログラム」に任意のコード実行可能な脆弱性について（JVN#50129191）：IPA 独立行政法人情報処理推進機構	MISC	www.ipa.go.jp
[JS14002]ジャストシステム商品に添付のオンラインアップデート機能の脆弱性対策 \| お知らせ \| ジャストシステム	CONFIRM	www.justsystems.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.