CVE-2011-1331
published 2011-07-18CVE-2011-1331: JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer…
PriorityP267critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.56%
91.9th percentile
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro_viewer | — | — |
| justsystems | ichitaro_viewer | — | — |
| justsystems | ichitaro_viewer | — | — |
| justsystems | ichitaro_viewer | — | — |
| justsystems | ichitaro_viewer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vqhx-m344-7rcj: JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Vi
ghsa_unreviewed·2022-05-17
CVE-2011-1331 [HIGH] CWE-119 GHSA-vqhx-m344-7rcj: JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Vi
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.
VulnCheck
justsystems ichitaro Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2011·CVSS 9.3
CVE-2011-1331 [CRITICAL] justsystems ichitaro Improper Restriction of Operations within the Bounds of a Memory Buffer
justsystems ichitaro Improper Restriction of Operations within the Bounds of a Memory Buffer
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.
Affected: justsystems ichitaro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2011-1331; https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf; https://www.virusbulletin.com/virusbulletin/20
Suricata
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
suricata·2011-09-30
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
Rule: alert tcp any !443 -> $HOME_NET [1330,1331,1332,4241,4242,4445,4446,5241,6543,9111,60093,49281] (msg:"ET SCADA Rockwell RNA Message Large Header Length - 8Kb"; flow:established,to_server; content:"rna|f2|"; startswith; fast_pattern; byte_test:4,>,0x2000,0,relative,little; classtype:attempted-dos; sid:2049795; rev:5; metadata:attack_target ICS, created_at 2011_09_30, cve CVE_2011_3489, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_27, reviewed_at 2024_03_06, former_sid 2803783; target:dest_ip;)
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/en/jp/JVN87239473/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000043http://secunia.com/advisories/44956http://www.justsystems.com/jp/info/js11001.htmlhttp://www.securityfocus.com/bid/48283http://www.symantec.com/connect/blogs/targeted-attacks-2011-using-ichitaro-zero-day-vulnerabilityhttps://exchange.xforce.ibmcloud.com/vulnerabilities/68072http://jvn.jp/en/jp/JVN87239473/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000043http://secunia.com/advisories/44956http://www.justsystems.com/jp/info/js11001.htmlhttp://www.securityfocus.com/bid/48283http://www.symantec.com/connect/blogs/targeted-attacks-2011-using-ichitaro-zero-day-vulnerabilityhttps://exchange.xforce.ibmcloud.com/vulnerabilities/68072
2011-07-18
Published
Exploited in the wild