CVE-2010-0842

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27

Description The issue affects the Sound component, allowing remote attackers to impact confidentiality, integrity, and availability through unknown vectors. It is claimed by a reliable researcher that this could be due to an uncontrolled array index, potentially enabling remote attackers to execute arbitrary code via a crafted MIDI file with a manipulated MixerSequencer object, related to the GM Song structure.

Recommendations For Oracle Java SE and Java for Business version 6 Update 18, consider disabling the MixerSequencer object until a patch is available. For Oracle Java SE and Java for Business version 5.0 Update 23, restrict access to MIDI files to minimize the risk of exploitation. For Oracle Java SE and Java for Business version 1.4.2 25, avoid using the MixerSequencer object in sensitive operations until the issue is resolved. For Oracle Java SE and Java for Business version 1.3.1 27, consider applying configuration changes to limit the impact of potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.