VYPR
Unrated severityNVD Advisory· Published Aug 16, 2022· Updated Aug 3, 2024

CVE-2022-36344

CVE-2022-36344

Description

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • JustSystems Corporation/JustSystems JUST Online Update for J-License'v5
    Range: JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.