[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0849Date: (C)2010-04-01   (M)2024-02-22


Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/510548/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
BID-39073
SECUNIA-39317
SECUNIA-39659
SECUNIA-39819
SECUNIA-40211
SECUNIA-40545
SECUNIA-43308
ADV-2010-1191
ADV-2010-1454
ADV-2010-1523
ADV-2010-1793
APPLE-SA-2010-05-18-1
APPLE-SA-2010-05-18-2
HPSBMU02799
RHSA-2010:0337
RHSA-2010:0338
RHSA-2010:0383
RHSA-2010:0471
RHSA-2010:0489
SSRT100089
SSRT100179
SUSE-SR:2010:008
SUSE-SR:2010:017
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.zerodayinitiative.com/advisories/ZDI-10-057/
oval:org.mitre.oval:def:13795

CPE    234
cpe:/a:sun:jre:1.5.0:update19
cpe:/a:sun:jre:1.5.0:update18
cpe:/a:sun:jre:1.5.0:update17
cpe:/a:sun:jre:1.5.0:update22
...
OVAL    4
oval:org.secpod.oval:def:19675
oval:org.secpod.oval:def:3541
oval:org.secpod.oval:def:3548
oval:org.secpod.oval:def:3549
...

© SecPod Technologies