CERTA-2003-AVI-088

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Java Media Framework (JMF) est un paquetage Java (optionnel) permettant à une application Java de traiter des flux audio et vidéo.

Selon Sun, une vulnérabilité présente dans JMF peut être exploitée au moyen d'une apliquette (applet) téléchargée depuis un site hostile afin de réaliser une élévation de privilèges ou de forcer l'arrêt brutal de la Machine Virtuelle Java (JVM).

Solution

La version 2.1.1e du JMF corrige la vulnérabilité :

http://java.sun.com/products/java-media/jmf

Java Media Framework (JMF) versions 2.1.1, 2.1.1a, 2.1.1b et 2.1.1c.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJava Media Framework (JMF) versions  2.1.1, 2.1.1a, 2.1.1b et 2.1.1c.\u003c/p\u003e",
  "content": "## Description\n\nJava Media Framework (JMF) est un paquetage Java (optionnel) permettant\n\u00e0 une application Java de traiter des flux audio et vid\u00e9o.\n\nSelon Sun, une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans JMF peut \u00eatre exploit\u00e9e au\nmoyen d\u0027une apliquette (applet) t\u00e9l\u00e9charg\u00e9e depuis un site hostile afin\nde r\u00e9aliser une \u00e9l\u00e9vation de privil\u00e8ges ou de forcer l\u0027arr\u00eat brutal de\nla Machine Virtuelle Java (JVM).\n\n## Solution\n\nLa version 2.1.1e du JMF corrige la vuln\u00e9rabilit\u00e9 :\n\n    http://java.sun.com/products/java-media/jmf\n",
  "cves": [],
  "links": [
    {
      "title": "Alerte de s\u00e9curit\u00e9 #54760 \"JVM may crash  due to vulnerability in the Java Media Framework (JMF)\" de Sun :",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760"
    }
  ],
  "reference": "CERTA-2003-AVI-088",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 du Java Media Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 #54760 de Sun",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.