Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability


  • Wayne Luke
    replied
    Moved because this has no relevance to vBulletin as it doesn't utilize Sun's Java Environment at all.



  • Simetrical
    replied
    How is this relevant to vB? It doesn't allow Java by default, and allowing arbitrary Java is typically a fairly significant privacy/security risk anyway (although it usually can't install viruses without exploits such as this).



  • Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability

    Secunia Advisory: SA23757
    Release Date: 2007-01-17
    Last Update: 2007-01-18

    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch

    Description:
    A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to an error when processing GIF images and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF image with an image width of 0.

    Successful exploitation allows execution of arbitrary code.

    The vulnerability is reported in the following versions:
    * JDK and JRE 5.0 Update 9 and prior.
    * SDK and JRE 1.4.2_12 and prior.
    * SDK and JRE 1.3.1_18 and prior.


    Provided and/or discovered by:
    Discovered by an anonymous person and reported via ZDI.

    Changelog:
    2007-01-18: Added CVE reference and link to US-CERT.

    Original Advisory:

    Sun Microsystems:
    http://sunsolve.sun.com/search/docum...=1-26-102760-1

    ZDI:
    http://www.zerodayinitiative.com/adv...DI-07-005.html

    Other References:
    US-CERT VU#388289:
    http://www.kb.cert.org/vuls/id/388289