CVE-2022-45115

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in Ichitaro 2022's Attribute Arena functionality allows memory corruption when processing malicious documents. Attackers can craft files to potentially execute arbitrary code or crash the application. This affects users of Ichitaro 2022 who open untrusted documents.

💻 Affected Systems

Products:
  • Ichitaro 2022
Versions: Version 1.0.1.57600 (specific affected version)
Operating Systems: Windows (Ichitaro is Windows software)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable when processing documents.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the Ichitaro user, leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) or limited memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated

No impact if patched or if users avoid opening untrusted documents.

🌐 Internet-Facing: LOW (requires user interaction to open malicious document, not directly network-exploitable)
🏢 Internal Only: MEDIUM (internal users could be targeted via phishing or shared malicious documents)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM (requires crafting a malicious document and user interaction)

Exploitation requires the victim to open a specially crafted document. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version (check vendor advisory)

Vendor Advisory: https://jvn.jp/en/jp/JVN79149117/

Restart Required: Yes

Instructions:

1. Check for updates in Ichitaro 2022 via Help > Check for Updates.
2. Download and install the latest version.
3. Restart the application.

🔧 Temporary Workarounds

Restrict document processing

Configure Ichitaro to only open trusted documents or disable automatic opening.

Use application control

Block execution of Ichitaro 2022 version 1.0.1.57600 via AppLocker or similar.

🧯 If You Can't Patch

  • Educate users to never open untrusted Ichitaro documents from unknown sources.
  • Monitor for crashes of Ichitaro 2022 and investigate any suspicious document openings.

🔍 How to Verify

Check if Vulnerable:

Check Ichitaro version via Help > About. If version is 1.0.1.57600, it is vulnerable.

Check Version:

Not applicable (GUI application)

Verify Fix Applied:

After updating, verify the version is no longer 1.0.1.57600 via Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from Ichitaro 2022
  • Windows Event Logs showing unexpected process termination

Network Indicators:

  • Unusual document downloads followed by Ichitaro crashes

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="Ichitaro.exe"
