CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
97.9%
The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files.
The Java Runtime Environment (JRE) is a group software packages from Sun Microsystems that allow a computer to access and use Java applications. Sun distributes a JRE plug-in for web browsers that allow websites to include Java applications that can execute in the user’s web browser. The JRE is part of the Java Development Kit (JDK).The International Color Consortium (ICC) supports cross-platform color management systems. One of these systems is the ICC profile format.
There is a buffer overflow vulnerability in the Java Runtime Environment. From Sun Alert 102934:
A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
The image parsers that come with the Java Development Kit (JDK) support embedded ICC profiles. The ICC parser that comes with the Sun JRE uses native code that contains the buffer overflow. More information is available in Chris Evans’ security advisory CESA-2006-004.
Update
Sun has provided an update to address this issue. Users are encouraged to update to JRE 6 Update 1 or JRE 5.0 Update 11. Administrators should see Sun Alert 102934 for a full list of affected products and fixed software.
Disable the JRE browser plug-in
138545
Filter by status: All Affected Not Affected Unknown
Filter by content: __Additional information available
__Sort by: Status Alphabetical
Expand all
Javascript is disabled. Clickhere to view vendors.
Updated: June 06, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Sun for information that was used in this report. Sun thanks Chris Evans for reporting this vulnerability.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-2788 |
---|---|
Severity Metric: | 12.39 Date Public: |
java.com/en/download/help/testvm.xml
java.sun.com/j2se/1.4.2/download.html
java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/jcp.html#update
scary.beasts.org/security/CESA-2006-004.html
www.auscert.org.au/render.html?it=7664&template=1
www.cert.org/tech_tips/securing_browser/
www.color.org/
www.securityfocus.com/bid/24004
www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
xforce.iss.net/xforce/xfdb/34318