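Apple QuickTime for Java Remote Heap Overflow Vulnerability
Apple QuickTime is a popular multimedia player that supports many media formats. A vulnerability exists in the QuickTime implementation that a remote attacker may be able to exploit to take control of a user's machine. QuickTime for Java may allow objects to be instantiated or manipulated outside the allocated heap. The vulnerability arises because subclasses of QTObject do not correctly set security restrictions: untrusted Java code is allowed to subclass QuickTime objects that call unsafe functions in QTJava.dll, resulting in reads and writes of arbitrary memory. If a user is tricked into visiting a web page containing a specially crafted Java applet, a heap overflow may be triggered, leading to execution of arbitrary instructions. Apple QuickTime Player 7.1.6...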
Apple QuickTime for Java information disclosure vulnerability
Overview Apple QuickTime for Java fails to properly clear memory. As a result, sensitive information may be exposed to unintended parties. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This feature is known as QuickTime for Java. Apple...
Quicktime Multiple Vulnerabilities (Mac OS X 7.1.6 Security Update)
According to its version, the installation of Quicktime on the remote Mac OS X host contains a bug which might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into...
Quicktime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Mac OS X)
According to its version, the installation of Quicktime on the remote Mac OS X host contains a bug which might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into...
Akamai Technologies Security Advisory 2007-0001
Akamai Technologies Security Advisory 2007-0001 Akamai ID: 2007-0001 Date: 2007/04/16 Product Name: Download Manager Affected Versions: 2.2.1.0 Fixed Version: 2.2.1.0 CVE IDs: CVE-2007-1891...
AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
Background The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. The x86 emulation Sun's J2SE Development Kit for AMD64 contains a vulnerable version of Sun's JDK. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Su...
GLSA-200701-15 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200701-15 Sun JDK/JRE: Multiple vulnerabilities Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an...
Multiple OpenOffice security vulnerabilities
BASIC macro auto launch without user interaction, Java applet sandbox protection bypass, XML parsing buffer overflow...
JDK java applet disk space DoS
It's possible to consume all available disk space with temporary file...
Sun Java Reflection API security bypass vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
GLSA-200601-10 : Sun and Blackdown Java: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200601-10 Sun and Blackdown Java: Applet privilege escalation Adam Gowdiak discovered multiple vulnerabilities in the Java Runtime Environment's Reflection APIs that may allow untrusted applets to elevate privileges. Impact : A...
CVE-2005-4197
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet...
CVE-2005-3946
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class...
Important: Red Hat Security Advisory: kdelibs security update
Updated kdelibs packages that resolve security issues in Konqueror are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs packages include libraries for the K Desktop Environment. Two flaw...
Konqueror: Java sandbox vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Konqueror is the KDE web browser and file manager. Description Konqueror contains two errors that allow JavaScript scripts and Java applets to have access to restricted Java classes. Impact A...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:154)
A vulnerability in the Konqueror web browser was discovered where an untrusted Java applet could escalate privileges through JavaScript calling into Java code. This includes the reading and writing of files with the privileges of the user running the applet. The provided packages have been patched...
GLSA-200411-38 : Sun and Blackdown Java: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200411-38 Sun and Blackdown Java: Applet privilege escalation All Java plug-ins are subject to a vulnerability allowing unrestricted Java package access. Impact : A remote attacker could embed a malicious Java applet in a web page...
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of Java Development Kits (JDK) and Java Runtime Environments (JRE). All these implementations provide a Java plug-in that can be used to execute Java applets in a restricted environment for web browsers. Description All Java plug-ins are subje...