ID CVE-2010-0843
Summary Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_27:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_27:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-10-2018 - 19:54)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2015-03-23T04:00:35.254-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Java SE Runtime Environment 6 is installed
    oval oval:org.mitre.oval:def:16362
  • comment Java SE Development Kit 5 is installed
    oval oval:org.mitre.oval:def:16292
  • comment Java SE Development Kit 6 is installed
    oval oval:org.mitre.oval:def:15831
  • comment Java SE Runtime Environment 5 is installed
    oval oval:org.mitre.oval:def:15748
description Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
family windows
id oval:org.mitre.oval:def:14092
status accepted
submitted 2011-11-25T18:03:46.000-05:00
title Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
version 11
redhat via4
advisories
  • rhsa
    id RHSA-2010:0337
  • rhsa
    id RHSA-2010:0338
  • rhsa
    id RHSA-2010:0383
  • rhsa
    id RHSA-2010:0471
  • rhsa
    id RHSA-2010:0489
rpms
  • java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5
  • java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4
  • java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5
  • java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-demo-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-src-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-accessibility-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-demo-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-devel-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-src-1:1.5.0.11.2-1jpp.1.el5
  • java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-demo-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-devel-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-src-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5
refmap via4
apple
  • APPLE-SA-2010-05-18-1
  • APPLE-SA-2010-05-18-2
bid 39083
bugtraq
  • 20100405 ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
  • 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm
hp
  • HPSBMA02547
  • HPSBMU02799
  • HPSBUX02524
  • SSRT100089
  • SSRT100179
misc http://www.zerodayinitiative.com/advisories/ZDI-10-052/
osvdb 63492
secunia
  • 39317
  • 39659
  • 39819
  • 40211
  • 40545
  • 43308
suse
  • SUSE-SR:2010:008
  • SUSE-SR:2010:017
vupen
  • ADV-2010-1191
  • ADV-2010-1454
  • ADV-2010-1523
  • ADV-2010-1793
Last major update 10-10-2018 - 19:54
Published 01-04-2010 - 16:30
Last modified 10-10-2018 - 19:54
Back to Top