PT-2010-4927 · Oracle+2 · Java Se+4

Publicado

2010-10-12

Atualizado

2018-10-10

CVE-2010-3566

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 5.0 Update 25 and 6 Update 21 Oracle Java for Business versions 5.0 Update 25 and 6 Update 21

Description The issue affects the confidentiality, integrity, and availability of the system. It is reportedly related to a crafted devs (device information) tag structure in a color profile, potentially leading to an integer overflow and buffer overflow. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Oracle Java SE versions 5.0 Update 25 and 6 Update 21, update to a version that contains the fix for this issue. For Oracle Java for Business versions 5.0 Update 25 and 6 Update 21, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting the use of crafted color profiles until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-3566

HPSBUX02608

RHSA-2010:0770

RHSA-2010:0807

RHSA-2010:0873

RHSA-2010:0987

RHSA-2010_0873

RHSA-2010_0987

RHSA-2011:0880

ZDI-10-204

Produtos afetados

Hp-Ux

Java Platform

Java Se

Java For Business

Red Hat

PT-2010-4927 · Oracle+2 · Java Se+4

CVE-2010-3566

Identificadores relacionados

Produtos afetados

Referências · 138