cvelistv5 - cve-2017-2155

CVE-2017-2155 (GCVE-0-2017-2155)

Vulnerability from cvelistv5

Published

2017-04-28 16:00

Modified

2024-08-05 13:48

Severity ?

CWE

Buffer Overflow

Summary

Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.

References

URL

Tags

	http://www.icon-co.jp/news/20170420/index.html	x_refsource_MISC
	http://jvn.jp/en/jp/JVN93931029/index.html	third-party-advisory, x_refsource_JVN

Impacted products

Vendor

Product

Version

ICON CORPORATION

Hoozin Viewer

Version: Ver2

ICON CORPORATION	Hoozin Viewer	Version: Ver3
ICON CORPORATION	Hoozin Viewer	Version: Ver4.1.5.15 and earlier
ICON CORPORATION	Hoozin Viewer	Version: Ver5.1.2.13 and earlier
ICON CORPORATION	Hoozin Viewer	Version: Ver6.0.3.09 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:04.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.icon-co.jp/news/20170420/index.html"
          },
          {
            "name": "JVN#93931029",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN93931029/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hoozin Viewer",
          "vendor": "ICON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver2"
            }
          ]
        },
        {
          "product": "Hoozin Viewer",
          "vendor": "ICON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver3"
            }
          ]
        },
        {
          "product": "Hoozin Viewer",
          "vendor": "ICON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver4.1.5.15 and earlier"
            }
          ]
        },
        {
          "product": "Hoozin Viewer",
          "vendor": "ICON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver5.1.2.13 and earlier"
            }
          ]
        },
        {
          "product": "Hoozin Viewer",
          "vendor": "ICON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "Ver6.0.3.09 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-28T15:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.icon-co.jp/news/20170420/index.html"
        },
        {
          "name": "JVN#93931029",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN93931029/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2155",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Hoozin Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Hoozin Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Hoozin Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver4.1.5.15 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Hoozin Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver5.1.2.13 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Hoozin Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver6.0.3.09 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICON CORPORATION"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.icon-co.jp/news/20170420/index.html",
              "refsource": "MISC",
              "url": "http://www.icon-co.jp/news/20170420/index.html"
            },
            {
              "name": "JVN#93931029",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN93931029/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2155",
    "datePublished": "2017-04-28T16:00:00.000Z",
    "dateReserved": "2016-12-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T13:48:04.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-2155

Vulnerability from jvndb

Published

2017-04-20 14:48

Modified

2017-06-01 13:40

Severity ?

5.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Summary

Hoozin Viewer vulnerable to buffer overflow

Details

Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability (CWE-121). Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.