Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/38130
https://exchange.xforce.ibmcloud.com/vulnerabilities/38129
http://www.vupen.com/english/advisories/2007/3623
http://www.securityfocus.com/bid/26206
http://www.justsystems.com/jp/info/pd7004.html
http://www.ipa.go.jp/security/vuln/200710_Ichitaro.html
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-3
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-2
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071025-1
http://secunia.com/advisories/27393
http://jvn.jp/jp/JVN%2350495547/index.html