JustSystems Ichitaro Font Information Processing Remote Code Execution Vulnerability

Bugtraq ID:	39369
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 12 2010 12:00AM
Updated:	Apr 12 2010 12:00AM
Credit:	JustSystems
Vulnerable:	JustSystems Ichitaro 2010 JustSystems Ichitaro 2009 JustSystems Ichitaro 2008 JustSystems Ichitaro 2007 JustSystems Ichitaro 2006
Not Vulnerable:

JustSystems Ichitaro Font Information Processing Remote Code Execution Vulnerability

Ichitaro is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2010 and prior versions are vulnerable.

JustSystems Ichitaro Font Information Processing Remote Code Execution Vulnerability

The issue is exploited in the wild. The prevalence of the attacks is currently unknown.

Symantec detects the malicious document as Trojan.Taradrop.

JustSystems Ichitaro Font Information Processing Remote Code Execution Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for more information.

JustSystems Ichitaro Font Information Processing Remote Code Execution Vulnerability

References:

• A New Ichitaro Vulnerability Springs into Japan (Symantec)
  
• Ichitaro Home Page (JustSystems)
  
• [JS10001] Ichitaro vulnerability (JustSystems)