Zero-Day Vulnerability in Japanese Word Processor Ichitaro Exploited in the Wild

JustSystems has released a patch to address the flaw

  Files used to exploit the Ichitaro vulnerability
JustSystems, the developer of the popular Japanese word processor Ichitaro, is warning users about a zero-day vulnerability that’s currently exploited by cybercriminals to spread malware.

JustSystems, the developer of the popular Japanese word processor Ichitaro, is warning users about a zero-day vulnerability that’s currently exploited by cybercriminals to spread malware.

Security firm Symantec has been monitoring the cybercriminal campaign, which appears to be targeted only at Japanese users, since mid-January.

Symantec reports that a typical attack starts with an archive which contains three files: a modified version of JSMISC32.DLL, a file that’s used by the word processor; a clean Ichitaro document (.jdt); and a malicious DLL which bears a .jdt extension.

When the clean document is opened, the application executes the tampered JSMISC32.DLL file, which in turn launches the malicious DLL file, detected by Symantec as Trojan Horse. 

Fortunately, JustSystems has released a patch for the vulnerability exploited by the cybercriminals, so users are advised to update their installations as soon as possible.

Comments