CVE-2007-1938
published 2007-04-10
CVE-2007-1938: Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed…
Priority P272 · medium · 4.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 1.45% (70.1th percentile)
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ichitaro | ichitaro | — | — |
| ichitaro | ichitaro | — | — |
| ichitaro | ichitaro | — | — |
| justsystem | ichitaro | — | — |
CVSS provenance
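| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 7.5 | HIGH | — |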
GHSA
GHSA-fmj3-hc6m-crx3: Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document dis
ghsa_unreviewed·2022-05-01
CVE-2007-1938 [MEDIUM] CWE-119 GHSA-fmj3-hc6m-crx3: Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document dis
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS).
GHSA
GHSA-r8m8-h626-xgw4: Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4246 [HIGH] GHSA-r8m8-h626-xgw4: Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
VulnCheck
ichitaro ichitaro Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2007·CVSS 4.3
CVE-2007-1938 [MEDIUM] ichitaro ichitaro Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS).
Affected: ichitaro ichitaro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.justsystems.com/jp/corporate/info/pd7002.html
VulnCheck
Justsystem Ichitaro 2007 and earlier Remote Code Execution
vulncheck·2007·CVSS 7.5
CVE-2007-4246 [HIGH] Justsystem Ichitaro 2007 and earlier Remote Code Execution
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
Affected: justsystem ichitaro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.justsystems.com/jp/corporate/info/pd7003.html
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/34759
http://secunia.com/advisories/24780
http://vil.mcafeesecurity.com/vil/content/v_141950.htm
http://www.justsystem.co.jp/info/pd7002.html
http://www.securityfocus.com/bid/23386
http://www.securitytracker.com/id?1017887
http://www.vupen.com/english/advisories/2007/1287
https://exchange.xforce.ibmcloud.com/vulnerabilities/33507