SAINT Corporation (SAINT:56DBF2C15BD9FE1E624F628B26F9DCFD)
Oct 04, 2010 - 12:00 a.m.

Java Runtime CMM readMabCurveData Buffer Overflow

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.587 Medium (Percentile: 97.7%)

Added: 10/04/2010
CVE: CVE-2010-0838
BID: 39069
OSVDB: 63500

Background

Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files. One of the libraries included in the JVM is the Color Management Module (CMM), which controls the conversion among the color representations used by various devices by processing International Color Consortium (ICC) profiles.

Problem

Oracle Java SE and Java for Business 6 Update 18 and prior, and 5.0 Update 23 and prior are vulnerable to a buffer overflow in the CMM readMabCurveData function. A remote attacker could gain system access if a user opens a Java applet that imports a malicious ICC profile that specifies an invalid count for curveType objects passed to the readMabCurveData function.
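The class of check that an untrusted element count calls for, as an added example that is not SAINT's or Oracle's code and not the actual patch: it validates the declared length of each curve element against the bytes actually present before anything is copied. The element layouts follow the ICC.1 specification for curveType and parametricCurveType; the function names and sample bytes are constructed for illustration.

```python
import struct

class ICCError(ValueError):
    """Raised when a curve element is structurally invalid."""

# Number of s15Fixed16 parameters per parametricCurveType function type (ICC.1)
PARA_PARAMS = {0: 1, 1: 3, 2: 4, 3: 5, 4: 7}

def curve_size(tag: bytes, off: int) -> int:
    """Return the byte length of the curve element at `off`, or raise ICCError."""
    if off < 0 or off + 12 > len(tag):
        raise ICCError("curve header outside tag data")
    sig = tag[off:off + 4]
    if sig == b"curv":
        # Layout: 'curv', 4 reserved bytes, uint32 count, count * uint16 entries
        (count,) = struct.unpack_from(">I", tag, off + 8)
        size = 12 + 2 * count  # count comes from the file: bound it before use
    elif sig == b"para":
        (ftype,) = struct.unpack_from(">H", tag, off + 8)
        if ftype not in PARA_PARAMS:
            raise ICCError("unknown parametric function type")
        size = 12 + 4 * PARA_PARAMS[ftype]
    else:
        raise ICCError("unexpected curve signature")
    if off + size > len(tag):
        raise ICCError("declared curve length exceeds tag data")
    return size

def check_mab_curves(tag: bytes, off: int, channels: int) -> int:
    """Walk `channels` consecutive curves; return the offset just past them."""
    for _ in range(channels):
        off += curve_size(tag, off)
        off = (off + 3) & ~3  # each curve is padded to a 4-byte boundary
    return off

# Constructed sample elements (not taken from any real profile)
GOOD = b"curv" + bytes(4) + struct.pack(">I", 2) + bytes(4)          # 2 entries
BAD = b"curv" + bytes(4) + struct.pack(">I", 0x40000000) + bytes(4)  # bogus count

if __name__ == "__main__":
    print(check_mab_curves(GOOD * 3, 0, 3))
    try:
        check_mab_curves(BAD, 0, 1)
    except ICCError as exc:
        print("rejected:", exc)
```

A native implementation of the same check should do the size arithmetic in a type wide enough that `2 * count` cannot wrap.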

Resolution

Apply the patches detailed in the Oracle Java SE and Java for Business Critical Patch Update Advisory for March 2010.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-061/>

Limitations

Exploit works on Oracle Java SE and Java for Business containing Oracle JRE 6 Update 18.

The user must open the exploit in Internet Explorer 6, 7, or 8 or Mozilla Firefox 2.x or 3.x.

Platforms

Windows
