Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiBinaryproofZDI-11-085
HistoryFeb 15, 2011 - 12:00 a.m.

Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability

2011-02-1500:00:00
binaryproof
www.zerodayinitiative.com
12

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.083 Low

EPSS

Percentile

94.3%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within jsound!XGetSamplePtrFromSnd. When extracting a sample from a soundbank stream user supplied data is used to calculate the bounds of a call to PV_Swap16BitSamples. By supplying a specially crafted sound file, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

Related

veracode 1
checkpoint_advisories 1
securityvulns 2
ubuntucve 3
prion 3
cve 3
nessus 27
redhat 6
openvas 14
suse 4
vmware 2
oracle 1
gentoo 1
veracode
veracode
Unspecified Vulnerability
2020-04-10 00:57:55
checkpoint_advisories
checkpoint_advisories
Oracle Java XGetSamplePtrFromSnd Memory Corruption (CVE-2010-4462)
2011-06-28 00:00:00
securityvulns
securityvulns
ZDI-11-085: Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
2011-02-17 00:00:00
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
ubuntucve
ubuntucve
CVE-2010-4454
2011-02-17 00:00:00
CVE-2010-4473
2011-02-17 00:00:00
CVE-2010-4462
2011-02-17 00:00:00
prion
prion
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
cve
cve
CVE-2010-4454
2011-02-17 19:00:00
CVE-2010-4462
2011-02-17 19:00:00
CVE-2010-4473
2011-02-17 19:00:00
nessus
nessus
RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0490)
2011-05-06 00:00:00
SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12706)
2011-05-13 00:00:00
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4481)
2011-05-13 00:00:00
redhat
redhat
(RHSA-2011:0490) Critical: java-1.4.2-ibm security update
2011-05-05 00:00:00
(RHSA-2011:0870) Moderate: java-1.4.2-ibm-sap security update
2011-06-15 00:00:00
(RHSA-2011:0364) Critical: java-1.5.0-ibm security update
2011-03-17 00:00:00
openvas
openvas
Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
2011-02-28 00:00:00
Oracle Java SE Multiple Unspecified Vulnerabilities - Windows
2011-02-28 00:00:00
Java for Mac OS X 10.6 Update 4
2011-08-29 00:00:00
suse
suse
remote code execution in java-1_4_2-ibm
2011-05-13 13:10:27
Security update for IBM Java 1.4.2 (important)
2011-07-22 05:08:11
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
oracle
oracle
cpuapr2011
2011-04-19 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.083 Low

EPSS

Percentile

94.3%

JSON
Related for ZDI-11-085
veracode1checkpoint_advisories1securityvulns2ubuntucve3prion3cve3nessus27redhat6openvas14suse4vmware2oracle1gentoo1