Headline
Vulnerability Spotlight: Vulnerabilities in popular Japanese word processing software could lead to arbitrary code execution, other issues
Ichitaro uses the ATOK input method (IME) and uses the proprietary .jtd file extension. It’s the second most-popular word processing system in Japan behind only Microsoft word.
Wednesday, April 5, 2023 11:04
A Cisco Talos researcher discovered these vulnerabilities.
Cisco Talos recently discovered four vulnerabilities in Ichitaro, a popular word processing software in Japan produced by JustSystems that could lead to arbitrary code execution.
Ichitaro uses the ATOK input method (IME) and uses the proprietary .jtd file extension. It’s the second most-popular word processing system in Japan behind only Microsoft word.
Talos discovered four vulnerabilities that could allow an attacker to gain the ability to execute arbitrary code on the targeted machine. TALOS-2022-1673 (CVE-2022-43664) can trigger the reuse of freed memory by the attacker, which can lead to further memory corruption and potentially result in arbitrary code execution after the target opens an attacker-created malicious file. TALOS-2023-1722 (CVE-2023-22660) has a similar effect, though in this case, it’s caused by a buffer overflow condition.
There are two other memory corruption vulnerabilities that can also be triggered if the target opens a specially crafted, malicious document — TALOS-2022-1687 (CVE-2023-22291) and TALOS-2022-1684 (CVE-2022-45115) — which could also lead to code execution.
Cisco Talos worked with JustSystems to ensure these vulnerabilities are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: Ichitaro 2022, version 1.0.1.57600. Talos tested and confirmed this version of the word processor could be exploited by these vulnerabilities.
The following Snort rules will detect exploitation attempts against this vulnerability:
61011, 61012, 61091, 61092, 61163, 61164, 61393 and 61394. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.
Related news
A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document.
An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.