Unrated severityNVD Advisory· Published Dec 18, 2007· Updated Apr 23, 2026

CVE-2007-6436

Description

Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.

Affected products

Justsystems/Ichitaro3 versions
cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:*
- cpe:2.3:a:justsystem:ichitaro:2007:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27992nvdVendor Advisory
www.osvdb.org/39395nvd
www.symantec.com/security_response/writeup.jspnvd
www.vupen.com/english/advisories/2007/4213nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39025nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000