CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
92.6%
Added: 04/22/2010
CVE: CVE-2010-0839
BID: 39070
OSVDB: 63494
The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The JRE Java programming class library contains the Java Sound Application Interface (API) to provide low-level support for audio operations. The Java Sound API includes the Soundbank interface which contains a set of instruments and SoundbankResources that can be loaded from any arbitrary stream, including file and network streams.
JRE is vulnerable to a stack buffer overflow due to a sign extension error when parsing the length of a resource name in a Soundbank file. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious Java applet with a vulnerable application.
Apply the patch for the vulnerable product.
http://secunia.com/advisories/37255/
Exploit works on Java SE 6 Update 18 and requires the user to load the exploit page in Internet Explorer 6.
Windows