Vulnerability Details : CVE-2006-6400
Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6400
Probability of exploitation activity in the next 30 days: 15.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2006-6400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2006-6400
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6400
- http://www.vupen.com/english/advisories/2006/4857
- http://www.securityfocus.com/bid/21445
- http://www.justsystem.co.jp/info/pd6005.html
- http://jvn.jp/jp/JVN%2347272891/index.html
- http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html (Patch; Vendor Advisory)
- http://securitytracker.com/id?1017336
Products affected by CVE-2006-6400
- cpe:2.3:a:justsystem:ichitaro:*:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:hanako:2004:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:hanako:2006:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:hanako:2005:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:hanako_viewer:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro_lite2:*:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro_lite2:r2:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro_viewer:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:sanshiro:2005:*:*:*:*:*:*:*