Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:4C1ED931D5E7FE0F61E2D03D1797B72E
HistoryFeb 28, 2012 - 12:00 a.m.

Java Runtime Environment MixerSequence Function Pointer Control

2012-02-2800:00:00
SAINT Corporation
download.saintcorporation.com
17

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

Added: 02/28/2012
CVE: CVE-2010-0842
BID: 39077
OSVDB: 63493

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

When parsing Rich Music Format (RMF) files that contain Musical Instrument Digital Interface (MIDI) streams, part of the MIDI stream is used to set a function pointer in the JRE engine. If a specially crafted RMF file is referenced by an applet running under a vulnerable JRE, an attacker could cause this function pointer to divert execution to data controlled by the attacker, giving them control of execution on the target system.

Resolution

Apply Update 19 or later for JRE 6, or Update 24 or later for JRE 5.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-060/&gt;
<http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html&gt;

Limitations

This exploit has been tested against Oracle JRE 6 Update 18 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Related

checkpoint_advisories 1
veracode 1
saint 3
prion 1
securityvulns 4
cve 1
zdi 1
packetstorm 1
seebug 1
metasploit 1
ubuntucve 1
exploitdb 1
thn 2
nessus 25
redhat 7
securelist 1
suse 2
openvas 13
gentoo 1
oracle 1
checkpoint_advisories
checkpoint_advisories
Oracle Java SE MixerSequencer Object GM_Song Remote Code Execution (CVE-2010-0842)
2017-10-03 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:45:53
saint
saint
Java Runtime Environment MixerSequence Function Pointer Control
2012-02-28 00:00:00
Java Runtime Environment MixerSequence Function Pointer Control
2012-02-28 00:00:00
Java Runtime Environment MixerSequence Function Pointer Control
2012-02-28 00:00:00
prion
prion
Design/Logic Flaw
2010-04-01 16:30:00
securityvulns
securityvulns
ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
2010-04-06 00:00:00
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager &#40;SIM&#41; for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
cve
cve
CVE-2010-0842
2010-04-01 16:30:00
zdi
zdi
Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
2010-04-05 00:00:00
packetstorm
packetstorm
Java MixerSequencer Object GM_Song Structure Handling
2012-02-17 00:00:00
seebug
seebug
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
2014-07-01 00:00:00
metasploit
metasploit
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
2012-02-15 22:32:31
ubuntucve
ubuntucve
CVE-2010-0842
2010-04-01 00:00:00
exploitdb
exploitdb
Java MixerSequencer Object - GM_Song Structure Handling (Metasploit)
2012-02-16 00:00:00
thn
thn
Researchers caught espionage malware mastermind on webcam
2012-10-30 20:02:00
Bleeding Life 2 Exploit Pack Released
2011-10-24 04:30:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0489)
2010-06-18 00:00:00
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0574)
2010-07-30 00:00:00
SuSE9 Security Update : IBM Java (YOU Patch Number 12626)
2010-09-03 00:00:00
redhat
redhat
(RHSA-2010:0489) Critical: java-1.5.0-ibm security update
2010-06-17 00:00:00
(RHSA-2010:0574) Critical: java-1.4.2-ibm security update
2010-07-29 00:00:00
(RHSA-2010:0586) Moderate: java-1.4.2-ibm-sap security update
2010-08-02 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34
suse
suse
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
openvas
openvas
HP-UX Update for Java HPSBUX02524
2010-06-07 00:00:00
HP-UX Update for Java HPSBUX02524
2010-06-07 00:00:00
Oracle Java SE Multiple Vulnerabilities (Windows)
2010-04-07 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:4C1ED931D5E7FE0F61E2D03D1797B72E
checkpoint_advisories1veracode1saint3prion1securityvulns4cve1zdi1packetstorm1seebug1metasploit1ubuntucve1exploitdb1thn2nessus25redhat7securelist1suse2openvas13gentoo1oracle1