CVE-2006-6400
Published 2006-12-10
Priority P431 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.01% (85.7th percentile)
Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| justsystem | hanako | — | — |
| justsystem | hanako | — | — |
| justsystem | hanako | — | — |
| justsystem | hanako_viewer | — | — |
| justsystem | ichitaro | — | — |
| justsystem | ichitaro | — | — |
| justsystem | ichitaro | — | — |
| justsystem | ichitaro_lite2 | — | — |
| justsystem | ichitaro_viewer | — | — |
| justsystem | sanshiro | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck · 7.5 HIGH
GHSA
GHSA-2jvm-ch9q-pwc4: Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1
ghsa_unreviewed·2022-05-01
CVE-2006-6400 [MEDIUM] CWE-119 GHSA-2jvm-ch9q-pwc4: Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1
Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.
GHSA
GHSA-r8m8-h626-xgw4: Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4246 [HIGH] GHSA-r8m8-h626-xgw4: Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
VulnCheck
Justsystem Ichitaro 2007 and earlier Remote Code Execution
vulncheck·2007·CVSS 7.5
CVE-2007-4246 [HIGH] Justsystem Ichitaro 2007 and earlier Remote Code Execution
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
Affected: justsystem ichitaro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.justsystems.com/jp/corporate/info/pd7003.html
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/jp/JVN%2347272891/index.html
http://secunia.com/advisories/23185
http://securitytracker.com/id?1017336
http://www.justsystem.co.jp/info/pd6005.html
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html
http://www.securityfocus.com/bid/21445
http://www.vupen.com/english/advisories/2006/4857
Published 2006-12-10