Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiIntevydis http://intevydis.comZDI-10-203
HistoryOct 12, 2010 - 12:00 a.m.

Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability

2010-10-1200:00:00
Intevydis http://intevydis.com
www.zerodayinitiative.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.137 Low

EPSS

Percentile

95.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle’s Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of the color profile parser. When processing a particular Tag structure out of a color profile, the parser will read a 32-bit integer and use it to calculate the size for a memory allocation. Due to the result being larger than 32 bits, an integer overflow will occur. This will lead to code execution under the context of the application.

Related

prion 1
cve 1
ubuntucve 1
veracode 1
redhat 6
nessus 26
suse 3
openvas 10
cisco 1
vmware 2
gentoo 1
oracle 1
prion
prion
Integer overflow
2010-10-19 22:00:00
cve
cve
CVE-2010-3571
2010-10-19 22:00:00
ubuntucve
ubuntucve
CVE-2010-3571
2010-10-19 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:52:17
redhat
redhat
(RHSA-2011:0169) Critical: java-1.5.0-ibm security and bug fix update
2011-01-20 00:00:00
(RHSA-2010:0786) Critical: java-1.4.2-ibm security update
2010-10-20 00:00:00
(RHSA-2010:0986) Moderate: java-1.4.2-ibm-sap security update
2010-12-15 00:00:00
nessus
nessus
RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0169)
2011-01-21 00:00:00
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7350)
2011-03-21 00:00:00
SuSE9 Security Update : IBM Java (YOU Patch Number 12683)
2011-03-17 00:00:00
suse
suse
remote code execution in java-1_4_2-ibm,IBMJava2-JRE
2010-12-17 11:21:31
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
remote code execution in java-1_6_0-ibm
2011-01-25 17:16:52
openvas
openvas
Oracle Java SE Multiple Vulnerabilities (Windows)
2010-10-28 00:00:00
Oracle Java SE Multiple Vulnerabilities - Windows
2010-10-28 00:00:00
HP-UX Update for Java HPSBUX02608
2011-01-04 00:00:00
cisco
cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
2010-05-19 15:40:37
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.137 Low

EPSS

Percentile

95.6%

JSON
Related for ZDI-10-203
prion1cve1ubuntucve1veracode1redhat6nessus26suse3openvas10cisco1vmware2gentoo1oracle1