Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information.
Conclusion & alert: CVE-2006-4326 is rated Moderate Risk (58.4/100): CVSS High severity, with high exploitation likelihood (EPSS 4.47%, 90th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 7.67% | 4.47% | -3.20% |
| 2 | 2025-04-12 | 7.39% | 7.67% | +0.28% |
| 3 | 2025-03-30 | — | 7.39% | — |
Full EPSS history (10 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| justsystem | formliner | — | cpe:2.3:a:justsystem:formliner:*:*:*:*:*:*:*:* |
| justsystem | ichitaro | 9.0 | cpe:2.3:a:justsystem:ichitaro:9.0:*:*:*:*:*:*:* |
| justsystem | ichitaro | 10.0 | cpe:2.3:a:justsystem:ichitaro:10.0:*:*:*:*:*:*:* |
| justsystem | ichitaro | 11.0 | cpe:2.3:a:justsystem:ichitaro:11.0:*:*:*:*:*:*:* |
| justsystem | ichitaro | 12.0 | cpe:2.3:a:justsystem:ichitaro:12.0:*:*:*:*:*:*:* |
| justsystem | ichitaro | 13.0 | cpe:2.3:a:justsystem:ichitaro:13.0:*:*:*:*:*:*:* |
| justsystem | ichitaro | 2004 | cpe:2.3:a:justsystem:ichitaro:2004:*:*:*:*:*:*:* |
| justsystem | ichitaro | 2005 | cpe:2.3:a:justsystem:ichitaro:2005:*:*:*:*:*:*:* |
| justsystem | ichitaro | 2006 | cpe:2.3:a:justsystem:ichitaro:2006:*:*:*:*:*:*:* |
| justsystem | ichitaro_government | 2006 | cpe:2.3:a:justsystem:ichitaro_government:2006:*:*:*:*:*:*:* |