CVE-2023-35126
📋 TL;DR
An out-of-bounds write vulnerability in Ichitaro 2023 document processors allows memory corruption when parsing specially crafted documents. Attackers can exploit this to execute arbitrary code on affected systems. Users of Ichitaro 2023 version 1.0.1.59372 are vulnerable.
💻 Affected Systems
- Ichitaro 2023
📦 What is this software?
Easy Postcard Max by Justsystems
Ichitaro 2021 by Justsystems
Ichitaro 2022 by Justsystems
Ichitaro 2023 by Justsystems
Ichitaro Pro 3 by Justsystems
Ichitaro Pro 4 by Justsystems
Ichitaro Pro 5 by Justsystems
Just Government 3 by Justsystems
Just Government 4 by Justsystems
Just Government 5 by Justsystems
Just Office 3 by Justsystems
Just Office 4 by Justsystems
Just Office 5 by Justsystems
Just Police 3 by Justsystems
Just Police 4 by Justsystems
Just Police 5 by Justsystems
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Arbitrary code execution with the privileges of the user opening the malicious document, leading to data exfiltration, credential theft, or lateral movement within the network.
If Mitigated
Limited impact with proper application sandboxing and privilege separation, potentially resulting in application crash but no code execution.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious document. No public exploit code has been identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://jvn.jp/en/jp/JVN28846531/index.html
Restart Required: Yes
Instructions:
1. Check for updates within Ichitaro 2023 application
2. Download and install the latest security update from vendor
3. Restart the application and verify patch installation
🔧 Temporary Workarounds
Disable document parsing features
Windows: Restrict or disable the vulnerable document parsing functionality through application settings or group policy
Application sandboxing
Windows: Run Ichitaro in a sandboxed environment to limit potential damage from exploitation
🧯 If You Can't Patch
- Implement strict file type restrictions to block .jtd files at the network perimeter
- Deploy application allowlisting to prevent unauthorized Ichitaro execution
🔍 How to Verify
Check if Vulnerable:
Check Ichitaro 2023 version in Help > About. If version is 1.0.1.59372, system is vulnerable.
Check Version:
Not applicable - check through application GUI Help > About menu
Verify Fix Applied:
Verify installed version is newer than 1.0.1.59372 and check vendor advisory for specific patched version.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected process creation from Ichitaro.exe
- Suspicious file access patterns
Network Indicators:
- Downloads of .jtd files from untrusted sources
- Outbound connections from Ichitaro process to suspicious IPs
SIEM Query:
source="windows" AND process_name="Ichitaro.exe" AND (event_id=1000 OR event_id=1001) AND message="ACCESS_VIOLATION"
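Added example (not part of the original advisory or any vendor tooling): a small triage routine that correlates the two log indicators above, crash events for Ichitaro.exe and child processes created by it, on the same host within a short window. The normalized event fields, the process-creation event IDs (Sysmon 1, Security 4688), the child allowlist and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

TARGET = "ichitaro.exe"        # process name taken from the page's SIEM query
CRASH_IDS = {1000, 1001}       # event IDs used in the page's SIEM query
PROC_CREATE_IDS = {1, 4688}    # assumption: Sysmon 1 or Security 4688 is collected
ALLOWED_CHILDREN = {"splwow64.exe"}  # hypothetical allowlist; tune per environment

# Constructed sample events in a hypothetical normalized schema (not real telemetry).
EVENTS = [
    {"host": "WS01", "time": "2024-01-10T10:00:03", "event_id": 4688,
     "parent": r"C:\Apps\Ichitaro.exe", "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS01", "time": "2024-01-10T10:00:05", "event_id": 1000, "app": "Ichitaro.exe"},
    {"host": "WS02", "time": "2024-01-10T11:00:00", "event_id": 1001, "app": "Ichitaro.exe"},
    {"host": "WS03", "time": "2024-01-10T12:00:00", "event_id": 1,
     "parent": r"C:\Apps\Ichitaro.exe", "image": r"C:\Windows\splwow64.exe"},
    {"host": "WS04", "time": "2024-01-10T13:00:00", "event_id": 1,
     "parent": r"C:\Apps\Ichitaro.exe", "image": r"C:\Windows\System32\powershell.exe"},
    {"host": "WS05", "time": "2024-01-10T14:00:00", "event_id": 1000, "app": "notepad.exe"},
]

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(events, window=timedelta(minutes=5)):
    """Return (host, severity, detail) findings for the monitored process."""
    crashes, spawns = [], []
    for e in events:
        when = datetime.fromisoformat(e["time"])
        if e["event_id"] in CRASH_IDS and basename(e.get("app", "")) == TARGET:
            crashes.append((e["host"], when))
        elif e["event_id"] in PROC_CREATE_IDS and basename(e.get("parent", "")) == TARGET:
            child = basename(e.get("image", ""))
            if child not in ALLOWED_CHILDREN:
                spawns.append((e["host"], when, child))
    findings, matched = [], set()
    for host, when, child in spawns:
        # A crash on the same host close in time raises confidence.
        near = {c for c in crashes if c[0] == host and abs(when - c[1]) <= window}
        matched |= near
        findings.append((host, "high" if near else "medium", child))
    # Crashes with no nearby child process are still worth a look, at low severity.
    findings += [(h, "low", "crash-only") for h, t in crashes if (h, t) not in matched]
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```
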
🔗 References
- https://jvn.jp/en/jp/JVN28846531/index.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825