Lucene search

K

John LeitchZDI-14-013

HistoryFeb 05, 2014 - 12:00 a.m.

Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability

2014-02-0500:00:00

John Leitch

www.zerodayinitiative.com

19

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.433 Medium

EPSS

Percentile

97.3%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing routines of a ttf font file with a large offset value for a script table. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

References

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.433 Medium

EPSS

Percentile

97.3%

Related for ZDI-14-013

veracode13 prion1 cve1 ubuntucve1 checkpoint_advisories1 zdi1 ibm10 redhat10 nessus37 openvas36 ubuntu3 oraclelinux3 amazon2 mageia1 centos3 suse5 aix1 f52 securityvulns1 oracle1 gentoo1