PT-2010-2570 · Oracle+2 · Java Se+4

Published: 2010-04-01 · Updated: 2018-10-30 · CVE-2010-0847

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Java SE and Java for Business 6 Update 18
Oracle Java SE and Java for Business 5.0 Update 23
Oracle Java SE and Java for Business 1.4.2 25
Oracle Java SE and Java for Business 1.3.1 27

Description

The issue affects the Java 2D component and allows remote attackers to impact confidentiality, integrity, and availability through unknown vectors. A reliable researcher claims that it may be a heap-based buffer overflow that could allow arbitrary code execution via a crafted image.

Recommendations

For Oracle Java SE and Java for Business 6 Update 18, update to a version that addresses this issue.
For Oracle Java SE and Java for Business 5.0 Update 23, update to a version that addresses this issue.
For Oracle Java SE and Java for Business 1.4.2 25, update to a version that addresses this issue.
For Oracle Java SE and Java for Business 1.3.1 27, update to a version that addresses this issue.

As a temporary workaround, consider restricting the use of the Java 2D component until a patch is available.


Related Identifiers

CVE-2010-0847
HPSBUX02524
RHSA-2010:0337
RHSA-2010:0338
RHSA-2010:0339
RHSA-2010:0383
RHSA-2010:0471
RHSA-2010:0489
RHSA-2010:0574
RHSA-2010:0586
RHSA-2010_0339

Affected Products

Hp-Ux
Java Platform
Java Se
Java For Business
Red Hat