|
||||||||||||||||
|
||||||||||||||||
|
| |||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
|
|
 |
| |
|
| |
| |
|
|
|
|
|
|
|
АРХИВ :: Security-alerts |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [security-alerts] FW: [SA23757] Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability
> > ---------------------------------------------------------------------- > > TITLE: > Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability > > SECUNIA ADVISORY ID: > SA23757 > > VERIFY ADVISORY: > > > CRITICAL: > Highly critical > > IMPACT: > System access > > WHERE: > From remote > > SOFTWARE: > Sun Java JRE 1.5.x / 5.x > > Sun Java JRE 1.3.x > > Sun Java JRE 1.4.x > > Sun Java SDK 1.3.x > > Sun Java SDK 1.4.x > > Sun Java JDK 1.5.x > > > DESCRIPTION: > A vulnerability has been reported in Sun Java Runtime Environment > (JRE), which can be exploited by malicious people to compromise a > vulnerable system. > > The vulnerability is caused due to an error when processing GIF > images and can be exploited to cause a heap-based buffer overflow via > a specially crafted GIF image with an image width of 0. > > Successful exploitation allows execution of arbitrary code. > > The vulnerability is reported in the following versions: > * JDK and JRE 5.0 Update 9 and prior. > * SDK and JRE 1.4.2_12 and prior. > * SDK and JRE 1.3.1_18 and prior. > > SOLUTION: > Updated to fixed versions. > > JDK and JRE 5.0: > Update to JDK and JRE 5.0 Update 10 or later. > > > SDK and JRE 1.4.x: > Update to SDK and JRE 1.4.2_13 or later. > > > SDK and JRE 1.3.x: > Update to SDK and JRE 1.3.1_19 or later. > > > PROVIDED AND/OR DISCOVERED BY: > Discovered by an anonymous person and reported via ZDI. > > ORIGINAL ADVISORY: > Sun Microsystems: > > > ZDI: > >
|