CVE-2017-10870

Severity CVSS v4.0:

Pending analysis

Type:

CWE-119 Buffer Errors

Publication date:

02/11/2017

Last modified:

20/04/2025

Description

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.

Impact

Vector 3.x

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.80

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:M/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

6.80

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:justsystems:easy_postcard_2016:-:::::::*
cpe:2.3:a:justsystems:easy_postcard_2017:-:::::::*
cpe:2.3:a:justsystems:easy_postcard_2018:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2016:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2017:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2017_trial_version:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2018:-:::::::*
cpe:2.3:a:justsystems:ichitaro_government_6:-:::::::*
cpe:2.3:a:justsystems:ichitaro_government_7:-:::::::*
cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro_2:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro_2011:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:justsystems:easy_postcard_2016:-:::::::*
cpe:2.3:a:justsystems:easy_postcard_2017:-:::::::*
cpe:2.3:a:justsystems:easy_postcard_2018:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2016:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2017:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2017_trial_version:-:::::::*
cpe:2.3:a:justsystems:ichitaro_2018:-:::::::*
cpe:2.3:a:justsystems:ichitaro_government_6:-:::::::*
cpe:2.3:a:justsystems:ichitaro_government_7:-:::::::*
cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro_2:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro_2011:-:::::::*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*

CVE-2017-10870

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools