SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NJStar Vendors:   NJStar Software Corp.
NJStar Chinese/Japanese Word Processor Buffer Overflow in Font Names Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015649
SecurityTracker URL:  http://securitytracker.com/id/1015649
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 21 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01.41108 and prior versions
Description:   A vulnerability was reported in NJStar Chinese/Japanese Word Processor. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create an NJStar document file ('.njx' file) with specially crafted font names that, when loaded by the target user, will trigger a buffer overflow. Arbitrary code can be executed with the privileges of the target user.

The vendor was notified on February 3, 2006.

Tan Chew Keong of Secunia Research discovered this vulnerability.

Impact:   A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code with the privileges of the target user.
Solution:   The vendor has issued a fixed version (5.10).
Vendor URL:  www.njstar.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Secunia Research: NJStar Word Processor Font Name Buffer Overflow

====================================================================== 

                     Secunia Research 20/02/2006

        - NJStar Word Processor Font Name Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* NJStar Chinese/Japanese Word Processor 5.01.41108.
* NJStar Chinese/Japanese Word Processor 4.x and 5.0x.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in NJStar Word
Processor, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error within the
handling of font names read from a NJStar document file (".njx").
This can be exploited to cause a stack-based buffer overflow.

Successful exploitation allows arbitrary code execution when a
malicious ".njx" file is opened.

====================================================================== 
4) Solution 

Update to version 5.10.

====================================================================== 
5) Time Table 

03/02/2006 - Initial vendor notification.
04/02/2006 - Initial vendor reply.
18/02/2006 - Vendor released fixed versions.
20/02/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

No other references.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-5/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC