Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRegenrechtZDI-10-054
HistoryApr 05, 2010 - 12:00 a.m.

Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability

2010-04-0500:00:00
regenrecht
www.zerodayinitiative.com
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.195 Low

EPSS

Percentile

96.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun’s Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to a compromise under the credentials of the currently logged in user.

Related

prion 1
securityvulns 4
ubuntucve 1
veracode 1
cve 1
nessus 28
redhat 7
fedora 3
openvas 17
suse 2
gentoo 1
oracle 1
prion
prion
Integer overflow
2010-04-01 16:30:00
securityvulns
securityvulns
ZDI-10-054: Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability
2010-04-06 00:00:00
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
ubuntucve
ubuntucve
CVE-2010-0841
2010-04-01 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:45:52
cve
cve
CVE-2010-0841
2010-04-01 16:30:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0489)
2010-06-18 00:00:00
SuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)
2010-12-02 00:00:00
Fedora 11 : java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 (2010-6039)
2010-07-01 00:00:00
redhat
redhat
(RHSA-2010:0489) Critical: java-1.5.0-ibm security update
2010-06-17 00:00:00
(RHSA-2010:0586) Moderate: java-1.4.2-ibm-sap security update
2010-08-02 00:00:00
(RHSA-2010:0574) Critical: java-1.4.2-ibm security update
2010-07-29 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
openvas
openvas
Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025
2010-04-09 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025
2010-04-09 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039
2010-04-09 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.195 Low

EPSS

Percentile

96.2%

JSON
Related for ZDI-10-054
prion1securityvulns4ubuntucve1veracode1cve1nessus28redhat7fedora3openvas17suse2gentoo1oracle1