Ichitaro is a widely recognized word processing software in Japan created by JustSystems.
Cisco Talos recently discovered four bugs in it that might result in arbitrary code execution.
Ichitaro employs the.jtd file extension and the ATOK input method (IME). In Japan, there is only Microsoft Word that is more widely used as a word processor.
The researchers identified four flaws that might provide an attacker access to the target machine and the ability to run arbitrary code. In the event that the target accesses a malicious file prepared by the attacker, TALOS-2022-1673 (CVE-2022-43664) might cause the attacker to reuse freed memory, which could result in more memory corruption and even arbitrary code execution.
Similar effects can also be seen as a result of TALOS-2023-1722 (CVE-2023-22660), except this time the cause is a buffer overflow.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: