No announcement yet.

Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability

  • Filter
  • Time
  • Show
Clear All
new posts

  • Wayne Luke
    Moved because this has no relevance to vBulletin as it doesn't utilize Sun's Java Environment at all.

    Leave a comment:

  • Simetrical
    How is this relevant to vB? It doesn't allow Java by default, and allowing arbitrary Java is typically a fairly significant privacy/security risk anyway (although it usually can't install viruses without exploits such as this).

    Leave a comment:

  • Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability

    Secunia Advisory: SA23757
    Release Date: 2007-01-17
    Last Update: 2007-01-18

    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch

    A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to an error when processing GIF images and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF image with an image width of 0.

    Successful exploitation allows execution of arbitrary code.

    The vulnerability is reported in the following versions:
    * JDK and JRE 5.0 Update 9 and prior.
    * SDK and JRE 1.4.2_12 and prior.
    * SDK and JRE 1.3.1_18 and prior.

    Provided and/or discovered by:
    Discovered by an anonymous person and reported via ZDI.

    2007-01-18: Added CVE reference and link to US-CERT.

    Original Advisory:

    Sun Microsystems:


    Other References:
    US-CERT VU#388289:
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.