PT-2010-2572 · Oracle+1 · Java Se+3
Regenrecht · Published 2010-04-01 · Updated 2018-10-30 · CVE-2010-0849
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27
Description
The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is claimed by a reliable researcher to be a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Recommendations
For Oracle Java SE and Java for Business version 6 Update 18, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 5.0 Update 23, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 1.4.2 25, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 1.3.1 27, update to a newer version to mitigate the risk.
As a temporary workaround, consider disabling the use of the JPEGImageDecoderImpl interface until a patch is available.
Exploit
Fix
Related Identifiers
Affected Products
Hp-Ux
Java Platform
Java Se
Java For Business