Information Security


Multiple security vulnerabilities in Oracle Java
updated since 10 June 2011
Published: 19 June 2011
Source:
SecurityVulns ID: 11721
Type: library
Severity: 9/10
Description: Multiple integer overflows when parsing ICC profiles. Jump through an uninitialized pointer on Windows. Shell command execution in Java Web Start.
Affected products: ORACLE : Jre 6.0
 ORACLE : JDK 6.0
CVE: CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
Original text: ZDI, TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability (19.06.2011)
 Zacheusz Siedlecki, Java HotSpot Cryptographic Provider signature verification vulnerability (11.06.2011)
 ZDI, ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod