PatchSiren cyber security CVE debrief

CVE-2017-2789 Justsystems CVE debrief

CVE-2017-2789 is a high-severity memory corruption issue in JustSystems Ichitaro Office 2016 Trial. When the application copies file data from a document, it compares two calculated lengths and, if both exceed the destination buffer size, selects the smaller value to control the copy. Because that chosen value is still larger than the buffer, the copy can overflow heap memory, corrupt internal data, and potentially lead to code execution in the context of the application. The issue was published by NVD on 2017-02-24 and is classified by NVD as CWE-119 with a CVSS 3.0 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Vendor: Justsystems
Product: CVE-2017-2789
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-24
Original CVE updated: 2026-05-13
Advisory published: 2017-02-24
Advisory updated: 2026-05-13

Who should care

Administrators, endpoint defenders, and users of JustSystems Ichitaro products should treat this as important, especially in environments where users open untrusted documents or receive files from external sources. Security teams that monitor desktop application exploitation and document-based attack paths should also pay attention.

Technical summary

The vulnerability is a heap-based buffer overflow in document/file parsing logic. The application derives two lengths for a copy operation, then trusts the smaller one even when it still exceeds the destination buffer size. That logic error can cause an out-of-bounds heap write and corrupt memory used for pointer arithmetic during later writes. NVD classifies the weakness as CWE-119 and associates the issue with the Ichitaro product family via the vulnerable CPE entry.
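To make the logic error concrete, here is an added C example (not JustSystems code, and not the Ichitaro parser) that models the min-of-two-lengths pattern beside a bounds-checked form; the destination size, function names and sample record lengths are assumptions.

```c
/* Added illustration of the CVE-2017-2789 length-selection flaw; not
 * JustSystems code. DEST_SIZE and the sample lengths are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define DEST_SIZE 64u   /* assumed heap buffer capacity */

/* Vulnerable pattern: the smaller of two attacker-controlled lengths is
 * taken as the copy count. When both exceed DEST_SIZE the result still
 * exceeds DEST_SIZE, and a memcpy driven by it overflows the heap. */
static size_t vulnerable_copy_len(uint32_t len_a, uint32_t len_b)
{
    return (len_a < len_b) ? (size_t)len_a : (size_t)len_b;
}

/* Hardened pattern: the chosen length is checked against the real
 * destination capacity. Returns 1 and sets *out when acceptable, else 0. */
static int safe_copy_len(uint32_t len_a, uint32_t len_b,
                         size_t dest_size, size_t *out)
{
    size_t n = (len_a < len_b) ? (size_t)len_a : (size_t)len_b;
    if (n > dest_size) { *out = 0; return 0; }
    *out = n;
    return 1;
}

/* Copies record data into dest only after the length check passes and the
 * declared length is backed by real source bytes; -1 means rejected. */
static long copy_file_data(const uint8_t *src, size_t src_len, uint32_t len_a,
                           uint32_t len_b, uint8_t *dest, size_t dest_size)
{
    size_t n;
    if (!safe_copy_len(len_a, len_b, dest_size, &n)) return -1;
    if (n > src_len) return -1;
    memcpy(dest, src, n);
    return (long)n;
}

/* Runs one constructed 256-byte record through the hardened path. */
static long demo_copy(uint32_t len_a, uint32_t len_b)
{
    uint8_t src[256];
    uint8_t *dest = malloc(DEST_SIZE);
    long r;
    if (!dest) return -1;
    memset(src, 0x41, sizeof src);   /* constructed filler bytes */
    r = copy_file_data(src, sizeof src, len_a, len_b, dest, DEST_SIZE);
    free(dest);
    return r;
}
```

With lengths 200 and 100 the vulnerable selector still yields 100 bytes for a 64-byte buffer, while the hardened path rejects the record instead of copying.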

Defensive priority

High. The CVSS vector (AV:N/AC:L/PR:N/UI:R) indicates a network attack vector with low complexity and no privileges required, but with user interaction required, and high confidentiality, integrity, and availability impact. Because the flaw can lead to code execution after a user opens a crafted document, it should be prioritized alongside other document-parsing vulnerabilities in desktop software.

Recommended defensive actions

  • Check JustSystems vendor security advisories and apply any available update or remediation for Ichitaro Office 2016 Trial and related affected Ichitaro versions.
  • Restrict opening of untrusted or externally sourced documents, especially in environments where Ichitaro is used for email attachments or shared files.
  • Run the application with least privilege and use endpoint application control or sandboxing where available to reduce impact if exploitation occurs.
  • Monitor for crashes, abnormal memory faults, or suspicious child processes associated with document opening activity.
  • Keep endpoint protection and content scanning enabled for inbound documents and archives that may contain weaponized office files.

Evidence notes

All substantive claims in this debrief are drawn from the supplied CVE record and its NVD metadata. The source description states that file-data copying logic chooses the smaller of two lengths even when both exceed the buffer size, producing a heap-based buffer overflow that may lead to code execution. NVD metadata supplies the CVSS vector, CWE-119 classification, and vulnerable CPE family. The listed Talos and SecurityFocus URLs are references cited by the NVD record; no additional facts from those pages are asserted here.

Official resources

CVE published by NVD on 2017-02-24T22:59:00.153Z; modified on 2026-05-13T00:24:29.033Z. This debrief uses the supplied CVE record and NVD metadata only.