Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09
Summary
This host has Sun Java JDK/JRE installed and is prone to an integer overflow vulnerability.
Insight
Multiple flaws exist:
- An integer overflow in the JRE, related to the parsing of JPEG images, via vectors involving an untrusted Java Web Start application that grants permissions to itself.
- An error in the Java Management Extensions (JMX) implementation, which does not properly enforce OpenType checks.
- An error in the encoder, which grants read access to private variables with unspecified names via an untrusted applet or application.
- The plugin functionality does not properly implement version selection, which can be exploited by 'old zip and certificate handling' via unknown vectors.
- An unspecified error in the 'javax.swing.plaf.synth.SynthContext.isSubregion' method in the Swing implementation, which causes a NullPointerException via unknown vectors.
- An error in the Java Web Start implementation, which causes a NullPointerException via a crafted '.jnlp' file.
Affected Software
Sun Java JDK/JRE version 6 before Update 15.
Solution
Upgrade to JDK/JRE version 6 Update 15.
References
- http://secunia.com/advisories/36159
- http://secunia.com/advisories/36162
- http://secunia.com/advisories/36176
- http://secunia.com/advisories/36180
- http://java.sun.com/javase/6/webnotes/6u15.html
- http://www.zerodayinitiative.com/advisories/ZDI-09-050/
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1