Lucene search
K

Oracle Java ShortComponentRaster.verify() Memory Corruption

🗓️ 17 Sep 2013 00:00:00Reported by Rick FloresType 
zdt
 zdt
🔗 0day.today👁 20 Views

Oracle Java ShortComponentRaster.verify() memory corruption vulnerabilit

Code
+----------+
| OVERVIEW |
+----------+
 
The release of this advisory provides exploitation details in relation to a 
known patched vulnerability in Oracle Java.   These details were obtained 
through the Packet Storm Bug Bounty program and are being released to the 
community.
 
+------------------------------------------------------------------------------+
 
+---------+
| DETAILS |
+---------+
 
The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 
is vulnerable to a memory corruption vulnerability that allows bypassing of
"dataOffsets[]" boundary checks when the "numDataElements" field is 0.  This 
vulnerability allows for remote code execution.  User interaction is required 
for this exploit in that the target must visit a malicious page or open a 
malicious file.
 
+------------------------------------------------------------------------------+
 
+------------------+
| PROOF OF CONCEPT |
+------------------+
 
The full exploit code that pops calc.exe is available here:
 
http://packetstormsecurity.com/files/123263/
http://www.exploit-db.com/sploits/28331.tgz
 
+------------------------------------------------------------------------------+
 
+---------------+
| RELATED LINKS |
+---------------+
 
http://www.oracle.com/technetwork/java/javase/7u25-relnotes-1955741.html
 
+------------------------------------------------------------------------------+
 
 
+----------------+
| SHAMELESS PLUG |
+----------------+
 
The Packet Storm Bug Bounty program gives researchers the ability to profit 
from their discoveries.  You can get paid thousands of dollars for one day 
and zero day exploits.  Get involved by contacting us at 
[email protected] or visit the bug bounty page at: 
 
http://packetstormsecurity.com/bugbounty/
 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
 
iEYEARECAAYFAlI33ckACgkQrM7A8W0gTbHNzQCeOF96AHgyotSfrnyH6/LRYLnT
NT4An3Q9ROmph1+K/voONZE/MDxpDCxW
=wVjP
-----END PGP SIGNATURE-----

#  0day.today [2018-01-02]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation