PT-2010-2569 · Oracle+1 · Java Se+3

Regenrecht

Published

2010-04-01

Updated

2018-10-30

CVE-2010-0846

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27

Description The issue affects confidentiality, integrity, and availability via unknown vectors. It is reportedly related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl), which may allow remote attackers to execute arbitrary code. However, Oracle has not commented on these claims.

Recommendations For Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27, consider disabling the JPEGImageEncoderImpl function until a patch is available to prevent potential remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-0846

HPSBUX02524

RHSA-2010:0337

RHSA-2010:0338

RHSA-2010:0383

RHSA-2010:0471

RHSA-2010:0489

RHSA-2010:0574

RHSA-2010:0586

ZDI-10-059

Affected Products

Hp-Ux

Java Platform

Java Se

Java For Business

PT-2010-2569 · Oracle+1 · Java Se+3

CVE-2010-0846

Related Identifiers

Affected Products

References · 104