CVE-2023-22291 – This CVE describes an invalid free vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2023-22291?

CVE-2023-22291 has a CVSS score of 7.0 (HIGH). This CVE describes an invalid free vulnerability in Ichitaro 2022's Frame stream parser. Attackers can craft malicious documents that cause memory corruption by attempting to free a stack pointer. Users of Ichitaro 2022 who open untrusted documents are affected.

📋 TL;DR

This CVE describes an invalid free vulnerability in Ichitaro 2022's Frame stream parser. Attackers can craft malicious documents that cause memory corruption by attempting to free a stack pointer. Users of Ichitaro 2022 who open untrusted documents are affected.

💻 Affected Systems

Products:

Ichitaro 2022

Versions: 1.0.1.57600

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific version mentioned; other versions may be unaffected.

📦 What is this software?

Ichitaro 2022 by Justsystems

View all CVEs affecting Ichitaro 2022 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the Ichitaro process, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption that could be leveraged for further exploitation.

🟢

If Mitigated

Application crash with no further impact if proper sandboxing or exploit mitigations are in place.

🌐 Internet-Facing: LOW - Ichitaro is not typically an internet-facing service.

🏢 Internal Only: MEDIUM - Risk exists when users open malicious documents from email or untrusted sources.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious document. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version (check vendor for specific patched version)

Vendor Advisory: https://www.justsystems.com/jp/support/security/2023/01.html

Restart Required: Yes

Instructions:

1. Open Ichitaro 2022. 2. Navigate to Help > Check for Updates. 3. Follow prompts to download and install the latest update. 4. Restart the application.

🔧 Temporary Workarounds

Disable Frame stream parsing

windows

If possible, disable or restrict the Frame stream parser functionality through application settings.

Use application sandboxing

windows

Run Ichitaro in a sandboxed environment to limit potential damage from exploitation.

🧯 If You Can't Patch

Restrict user permissions to prevent execution of arbitrary code
Implement application whitelisting to block unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check Ichitaro version: Open Ichitaro > Help > About. If version is 1.0.1.57600, it is vulnerable.

Check Version:

Not applicable - check through GUI as described above

Verify Fix Applied:

After updating, verify version is no longer 1.0.1.57600 and check vendor advisory for patched version number.

📡 Detection & Monitoring

Log Indicators:

Application crash logs from Ichitaro.exe
Unexpected memory access violations in system logs

Network Indicators:

Unusual document downloads followed by application crashes

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName="Ichitaro.exe"

📊 Metadata

CVE ID: CVE-2023-22291

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-590

Published: April 5, 2023

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/en/jp/JVN79149117/ Third Party Advisory,VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1687 Exploit,Third Party Advisory
https://jvn.jp/en/jp/JVN79149117/ Third Party Advisory,VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1687 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1687

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22291, you might also want to check these: