CVE-2023-38127
📋 TL;DR
This vulnerability allows arbitrary code execution through a malicious Ichitaro document. An attacker can exploit an integer overflow in the HyperLinkFrame parser to cause memory corruption. Users of Ichitaro 2023 are affected.
💻 Affected Systems
- Ichitaro 2023
📦 What is this software?
Easy Postcard Max by Justsystems
Ichitaro 2021 by Justsystems
Ichitaro 2022 by Justsystems
Ichitaro 2023 by Justsystems
Ichitaro Pro 3 by Justsystems
Ichitaro Pro 4 by Justsystems
Ichitaro Pro 5 by Justsystems
Just Government 3 by Justsystems
Just Government 4 by Justsystems
Just Government 5 by Justsystems
Just Office 3 by Justsystems
Just Office 4 by Justsystems
Just Office 5 by Justsystems
Just Police 3 by Justsystems
Just Police 4 by Justsystems
Just Police 5 by Justsystems
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the Ichitaro user, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or malware execution when a user opens a malicious document, often delivered via phishing.
If Mitigated
Limited impact if document execution is blocked or the user runs with minimal privileges; exploitation may then cause only an application crash.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious document; no known public exploits as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to latest version from vendor
Vendor Advisory: https://jvn.jp/en/jp/JVN28846531/index.html
Restart Required: Yes
Instructions:
1. Open Ichitaro 2023.
2. Navigate to Help > Check for Updates.
3. Follow prompts to install the latest version.
4. Restart the application.
🔧 Temporary Workarounds
Block Ichitaro document execution
Windows: Prevent execution of Ichitaro documents via group policy or application control.
Use Windows Group Policy to block .jtd files or restrict Ichitaro execution.
🧯 If You Can't Patch
- Restrict user privileges to minimal levels to limit impact of potential exploitation.
- Implement email filtering to block suspicious Ichitaro attachments and educate users on phishing risks.
🔍 How to Verify
Check if Vulnerable:
Check Ichitaro version in Help > About; if version is 1.0.1.59372, it is vulnerable.
Check Version:
In Ichitaro, go to Help > About to view version.
Verify Fix Applied:
Verify version is updated to a newer release than 1.0.1.59372 after patching.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Ichitaro logs, unexpected process launches from Ichitaro.
Network Indicators:
- Outbound connections from Ichitaro to unknown IPs post-document opening.
SIEM Query:
Process creation where parent process is Ichitaro.exe and command line contains suspicious parameters.
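The SIEM query above, written out as detection logic over process-creation events. This is an added example, not a vendor or SIEM-product rule. The field names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage). The child-process list, the command-line markers and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Parent image name as given on this page; compared case-insensitively.
PARENT_NAME = "ichitaro.exe"
# Assumption: interpreters and script hosts a word processor rarely needs to spawn.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                    "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: what "suspicious parameters" means here (encoded or remote content).
SUSPECT_ARGS = ("-enc", "http://", "https://")

def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def evaluate(event):
    """Return the reasons an event matches; an empty list means no match."""
    if basename(event.get("ParentImage")) != PARENT_NAME:
        return []  # only children of the document editor are in scope
    reasons = []
    child = basename(event.get("Image"))
    if child in SUSPECT_CHILDREN:
        reasons.append(f"child process {child}")
    cmd = (event.get("CommandLine") or "").lower()
    hits = [marker for marker in SUSPECT_ARGS if marker in cmd]
    if hits:
        reasons.append("command line contains " + ", ".join(hits))
    return reasons

def scan(events):
    """Return (event, reasons) pairs for every matching event."""
    return [(e, r) for e in events if (r := evaluate(e))]

# Constructed sample events; paths and command lines are placeholders.
PARENT = r"C:\EXAMPLE\Ichitaro.exe"
SAMPLE_EVENTS = [
    {"ParentImage": PARENT, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": PARENT, "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -enc <CONSTRUCTED>"},
    {"ParentImage": PARENT,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -enc <CONSTRUCTED>"},
]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_EVENTS):
        print(event["Image"], "->", "; ".join(reasons))
```

Tune both lists against a baseline of what Ichitaro normally spawns in your environment before alerting on this.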