Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в Oracle Java

  ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability

  Java HotSpot Cryptographic Provider signature verification vulnerability

  ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability

  ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability

From:ZDI
Date:19 июня 2011 г.
Subject:TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability

TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability

http://dvlabs.tippingpoint.com/advisory/TPTI-11-06

June 15, 2011

-- CVE ID:
CVE-2011-0862

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11228.
For further product information on the TippingPoint IPS, visit:

   http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Oracle Java Runtime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.

The specific flaw exists within the way Java handles color profiles.
When parsing a color profile containing a invalid 'rcs2' tag, the
process can be forced to overflow an integer value during an arithmetic
operation. The newly calculated value is then used to allocate memory on
the heap. By providing specific values it is possible to cause a memory
corruption that can lead to remote code being executed under to user
running the browser.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More
details can be found at:

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

-- Disclosure Timeline:
2011-01-21 - Vulnerability reported to vendor
2011-06-15 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
   * Peter Vreugdenhil, TippingPoint DVLabs

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород