CVE-2010-0844

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is claimed by a reliable researcher that this vulnerability is due to improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.

Recommendations For Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27, consider disabling the MixerSequencer object until a patch is available to prevent exploitation. Restrict access to MIDI files to minimize the risk of remote code execution. Avoid using the affected Sound component in Oracle Java SE and Java for Business until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.