HIGH🇵🇱 Wersja polska

CVE-2014-2003

CVSS 7.6v2.0pub. 2014-06-16upd. 2026-05-06

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.

CVSS Vector
AV:N/AC:H/Au:N/C:C/I:C/A:C
  • Justsystems Ichitaro

    APP
    Justsystems
    101112132004200520062007200820092010201120122013≤ 2014
  • Justsystems Just Online Update

    APP
    Justsystems
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2017-2790HIGH8.8ten sam produkt

When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro O...

CVE-2017-2791HIGH7.5ten sam produkt

JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted P...

CVE-2017-2789HIGH8.8ten sam produkt

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to deter...

CVE-2014-7247HIGH10.0ten sam produkt

Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and...

CVE-2013-5990HIGH9.3ten sam produkt

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 throug...