CVE-2007-6436
Published 2007-12-18
CVE-2007-6436: Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a…
Priority P263 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 4.09% (89.5th percentile)
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| justsystem | ichitaro | — | — |
| justsystem | ichitaro | — | — |
| justsystem | ichitaro | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck · 9.3 · CRITICAL
GHSA
GHSA-6gmh-pj3w-crcf: Stack-based buffer overflow in JSGCI
ghsa_unreviewed·2022-05-01
CVE-2007-6436 [HIGH] CWE-119 GHSA-6gmh-pj3w-crcf: Stack-based buffer overflow in JSGCI
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
VulnCheck
justsystem ichitaro Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2007·CVSS 9.3
CVE-2007-6436 [CRITICAL] justsystem ichitaro Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
Affected: justsystem ichitaro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2007-6436
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/27992
http://www.osvdb.org/39395
http://www.symantec.com/security_response/writeup.jsp?docid=2007-121308-3953-99
http://www.vupen.com/english/advisories/2007/4213
https://exchange.xforce.ibmcloud.com/vulnerabilities/39025
Published: 2007-12-18
Exploited in the wild