Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-12-060
HistoryApr 09, 2012 - 12:00 a.m.

Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability

2012-04-0900:00:00
Anonymous
www.zerodayinitiative.com
14

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.12 Low

EPSS

Percentile

95.3%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cmm.dll. While parsing multi-function a to b curve data the size of an allocation is calculated based on user supplied data. It is possible to cause an integer wrap on the nTblSize variable. This variable is later used to allocate an heap buffer which will be smaller than necessary resulting in heap memory corruption. This can lead to remote code execution under the context of the current user.

Related

prion 1
ubuntucve 1
cve 1
openvas 10
ibm 4
nessus 16
veracode 3
redhat 4
suse 2
securityvulns 1
seebug 1
oracle 1
gentoo 1
prion
prion
Design/Logic Flaw
2012-02-15 22:55:00
ubuntucve
ubuntucve
CVE-2012-0498
2012-02-15 00:00:00
cve
cve
CVE-2012-0498
2012-02-15 22:55:00
openvas
openvas
Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 03)
2012-02-21 00:00:00
Oracle Java SE JDK Multiple Vulnerabilities - 03 - (Feb 2012) - Windows
2012-02-21 00:00:00
Oracle Java SE JRE Multiple Vulnerabilities - 03 - (Feb 2012) - Windows
2012-02-21 00:00:00
ibm
ibm
Security Bulletin: The Java version bundled with IBM Cognos Express is susceptible to unspecified vulnerabilities in the Java Runtime Environment (JRE) (CVE-2012-0498 and CVE-2012-5081)
2022-11-10 12:06:25
Security Bulletin: Multiple vulnerabilities in IBM Cognos BI 8.4.1,10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081)
2022-11-28 19:30:48
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
nessus
nessus
Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)
2014-07-22 00:00:00
SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8100)
2012-05-10 00:00:00
Scientific Linux Security Update : java-1.6.0-sun on SL4.x, SL5.x i386/x86_64 (20120216)
2012-08-01 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:05
redhat
redhat
(RHSA-2012:0139) Critical: java-1.6.0-sun security update
2012-02-16 00:00:00
(RHSA-2012:0514) Critical: java-1.6.0-ibm security update
2012-04-24 00:00:00
(RHSA-2012:0508) Critical: java-1.5.0-ibm security update
2012-04-23 00:00:00
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-05-09 21:08:17
Security update for IBM Java 1.6.0 (important)
2012-05-09 20:08:14
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2012
2012-07-19 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.12 Low

EPSS

Percentile

95.3%

JSON
Related for ZDI-12-060
prion1ubuntucve1cve1openvas10ibm4nessus16veracode3redhat4suse2securityvulns1seebug1oracle1gentoo1