CVE-2014-7247
published 2014-11-26CVE-2014-7247: Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro…
PriorityP273critical10CVSS 2.0
AVNACLAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.33%
91.6th percentile
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro | — | — |
| justsystems | ichitaro_pro | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-724p-pmj5-xjvx: Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ich
ghsa_unreviewed·2022-05-17
CVE-2014-7247 [HIGH] GHSA-724p-pmj5-xjvx: Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ich
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.
VulnCheck
JustSystems Remote Code Execution
vulncheck·2014·CVSS 10.0
CVE-2014-7247 [CRITICAL] JustSystems Remote Code Execution
JustSystems Remote Code Execution
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.
Affected: justsystems ichitaro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_tarodrop.yh; https://threatpost.com/virus-bulletin-japanese-attacks-apt-strategygy/148859/; https://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vuln
No detection rules found.
2014-11-26
Published
Exploited in the wild