PT-2010-2570 · Oracle+2 · Java Se+4

Publicado

2010-04-01

·

Atualizado

2018-10-30

·

CVE-2010-0847

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business 6 Update 18 Oracle Java SE and Java for Business 5.0 Update 23 Oracle Java SE and Java for Business 1.4.2 25 Oracle Java SE and Java for Business 1.3.1 27
Description The issue affects the Java 2D component, allowing remote attackers to impact confidentiality, integrity, and availability through unknown vectors. It is claimed by a reliable researcher to potentially be a heap-based buffer overflow that could allow arbitrary code execution via a crafted image.
Recommendations For Oracle Java SE and Java for Business 6 Update 18, update to a version that addresses this issue. For Oracle Java SE and Java for Business 5.0 Update 23, update to a version that addresses this issue. For Oracle Java SE and Java for Business 1.4.2 25, update to a version that addresses this issue. For Oracle Java SE and Java for Business 1.3.1 27, update to a version that addresses this issue. As a temporary workaround, consider restricting the use of the Java 2D component until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-0847
HPSBUX02524
RHSA-2010:0337
RHSA-2010:0338
RHSA-2010:0339
RHSA-2010:0383
RHSA-2010:0471
RHSA-2010:0489
RHSA-2010:0574
RHSA-2010:0586
RHSA-2010_0339

Produtos afetados

Hp-Ux
Java Platform
Java Se
Java For Business
Red Hat