PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-2790 Justsystems CVE debrief

CVE-2017-2790 is a high-severity memory corruption issue in JustSystems Ichitaro Office's handling of Excel .xls Workbook stream data. The vulnerability is triggered when the application processes record type 0x3c and incorrectly trusts the record size, subtracts one from the length, and then uses that derived value as the size argument to memcpy. That logic can produce a heap-based buffer overflow and may allow code execution in the context of the application.

Vendor: Justsystems
Product: CVE-2017-2790
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-24
Original CVE updated: 2026-05-13
Advisory published: 2017-02-24
Advisory updated: 2026-05-13

Who should care

Organizations and users that open or process untrusted .xls files with JustSystems Ichitaro Office should treat this as relevant. Security teams responsible for endpoint protection, document handling, and email/web download filtering should prioritize it, especially where users routinely exchange spreadsheets from external sources.

Technical summary

The NVD record describes a CWE-119 weakness affecting cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*. When a Workbook stream record of type 0x3c is parsed from an Excel .xls file, the code assumes the size is greater than zero, subtracts one from the length, and passes the result to memcpy. When that assumption does not hold, the derived length is invalid and the resulting copy can overflow a heap buffer. The published CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating remote exposure with user interaction required.
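
The length handling described above, shown as an added C illustration (not JustSystems code and not taken from the advisory): the unchecked size-minus-one derivation next to a validated form. The 4-byte little-endian record header, the separately consumed first payload byte, and the helper names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_TYPE_3C 0x3c   /* record type named in the advisory */
#define HDR_LEN 4          /* assumed header: u16 type + u16 size, little-endian */

/* Flawed derivation as described: size - 1 with no zero check, in the
 * width memcpy receives. A zero size wraps to SIZE_MAX. */
size_t flawed_copy_len(uint16_t rec_size) {
    return (size_t)rec_size - 1;
}

/* Hardened handling (hypothetical helper): validate before deriving the
 * length. Assumes the first payload byte is consumed separately, which is
 * why size - 1 bytes are copied. Returns bytes copied, or -1 on reject. */
long copy_3c_payload(const uint8_t *buf, size_t buf_len,
                     uint8_t *dst, size_t dst_cap) {
    if (buf_len < HDR_LEN) return -1;                /* no complete header */
    uint16_t type = (uint16_t)(buf[0] | (buf[1] << 8));
    uint16_t size = (uint16_t)(buf[2] | (buf[3] << 8));
    if (type != REC_TYPE_3C) return -1;              /* not the record we handle */
    if (size == 0) return -1;                        /* size - 1 would wrap */
    if ((size_t)size > buf_len - HDR_LEN) return -1; /* record truncated */
    size_t n = (size_t)size - 1;
    if (n > dst_cap) return -1;                      /* destination too small */
    memcpy(dst, buf + HDR_LEN + 1, n);
    return (long)n;
}

int main(void) {
    /* Constructed sample records, not taken from any real file. */
    const uint8_t good[] = {0x3c, 0x00, 0x03, 0x00, 0x00, 'h', 'i'};
    const uint8_t zero[] = {0x3c, 0x00, 0x00, 0x00};
    uint8_t dst[8];
    printf("flawed length for size 0: %zu\n", flawed_copy_len(0));
    printf("good record: %ld\n", copy_3c_payload(good, sizeof good, dst, sizeof dst));
    printf("zero-size record: %ld\n", copy_3c_payload(zero, sizeof zero, dst, sizeof dst));
    return 0;
}
```

The hardened path rejects the zero-size record before any subtraction and also bounds the copy against both the remaining input and the destination capacity.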

Defensive priority

High. The combination of remote delivery, user interaction, and potential code execution makes this a priority for systems that process Office files from untrusted sources.

Recommended defensive actions

  • Apply the vendor's security update or remediation guidance for JustSystems Ichitaro Office as soon as it is available.
  • Limit or sandbox handling of untrusted .xls files until affected systems are patched.
  • Use email and web download controls to reduce delivery of untrusted spreadsheet files to endpoints that run Ichitaro Office.
  • Prefer opening externally sourced spreadsheets in isolated environments where feasible.
  • Review endpoint inventories to identify installations of JustSystems Ichitaro Office that may process legacy Excel .xls content.

Evidence notes

The vulnerability description is taken from the supplied CVE/NVD corpus and is consistent with the official NVD record and CVE.org entry. NVD identifies the weakness as CWE-119 and provides the CVSS v3.0 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The source corpus also includes Talos references for additional context, but no extra behavioral details beyond the supplied description are asserted here.

Official resources

Published by NVD/CVE on 2017-02-24. The CVE record was later modified on 2026-05-13; that modified date should not be treated as the issue date.