Java Runtime Environment Image Parsing Code buffer overflow vulnerability

Overview

The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files.

Description

The Java Runtime Environment (JRE) is a group software packages from Sun Microsystems that allow a computer to access and use Java applications. Sun distributes a JRE plug-in for web browsers that allow websites to include Java applications that can execute in the user’s web browser. The JRE is part of the Java Development Kit (JDK).

The International Color Consortium (ICC) supports cross-platform color management systems. One of these systems is the ICC profile format.

There is a buffer overflow vulnerability in the Java Runtime Environment. From Sun Alert 102934:
A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
The image parsers that come with the Java Development Kit (JDK) support embedded ICC profiles. The ICC parser that comes with the Sun JRE uses native code that contains the buffer overflow. More information is available in Chris Evans’ security advisory CESA-2006-004.

Note that an attacker may be able to exploit this vulnerability by convincing a user to open a website that hosts a specially crafted Java applet.

---

Impact

A remote, unauthenticated attacker may be able to read or write files and execute code with the privileges of the user who is running the JRE.

---

Solution

Update
Sun has provided an update to address this issue. Users are encouraged to update to JRE 6 Update 1 or JRE 5.0 Update 11. Administrators should see Sun Alert 102934 for a full list of affected products and fixed software.

The Java Test Page can be used to determine what version of the Java JRE is currently installed. To adjust the JRE update settings, see the update section of the Java deployment guide.

---

Disable the JRE browser plug-in

Disabling the JRE browser plug-in may mitigate most web-based attacks against this vulnerability. See the Securing Your Web Browser document for more information on how to disable Java in your browser.

---

Vendor Information

138545

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Sun Microsystems, Inc. __ Affected

Updated: June 06, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1&gt; for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23138545 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1&gt;
• <http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/jcp.html#update&gt;
• <http://scary.beasts.org/security/CESA-2006-004.html&gt;
• <http://java.sun.com/j2se/1.4.2/download.html&gt;
• <http://java.com/en/download/help/testvm.xml&gt;
• <http://www.cert.org/tech_tips/securing_browser/&gt;
• <http://www.color.org/&gt;
• http://www.auscert.org.au/render.html?it=7664&template=1
• <http://www.securityfocus.com/bid/24004&gt;
• <http://xforce.iss.net/xforce/xfdb/34318&gt;

Acknowledgements

Thanks to Sun for information that was used in this report. Sun thanks Chris Evans for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs:	CVE-2007-2788
Severity Metric:	12.39 Date Public: