Computer Security

Search:Vulnerability:23.01.2007
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Sun Java memory corruption
updated since 18.01.2007
Published:23.01.2007
Source:BUGTRAQ
SecurityVulns ID:7065
Type:library
Level:8/10
Description:Memory corruption on GIF files parsing with 0 width block. Can be used for hidden malware installation.
Affected:SUN : JRE 1.3
 SUN : JDK 1.3
 SUN : JDK 1.4
 SUN : JRE 1.4
 SUN : JRE 1.5
 SUN : JDK 1.5
 SUN : JRE 5.0
 SUN : JDK 5.0
CVE:CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.)
 CVE-2007-0234 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243. Reason: This candidate is a duplicate of CVE-2007-0243. Notes: All CVE users should reference CVE-2007-0243 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA07-022A (23.01.2007)
 documentZDI, ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability (18.01.2007)
Files:Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru