Computer Security

Oracle Java multiple security vulnerabilities
Updated since: 10.06.2011
Published: 19.06.2011
Source:
SecurityVulns ID: 11721
Type: library
Threat Level: 9/10
Description: Multiple integer overflows in ICC profile parsing. Java Web Start shell command execution.
Affected: ORACLE : JRE 6.0
 ORACLE : JDK 6.0
CVE: CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
Original documents:
 ZDI, TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability (19.06.2011)
 Zacheusz Siedlecki, Java HotSpot Cryptographic Provider signature verification vulnerability (11.06.2011)
 ZDI, ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod