PT-2010-4920 · Oracle+2 · Java Se+4
Published 2010-10-12 · Updated 2018-10-30
CVE-2010-3559
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE and Java for Business versions 6 Update 21 through 6 Update 21
Oracle Java SE and Java for Business version 5.0 Update 25
Oracle Java SE and Java for Business version 1.4.2 27
Oracle Java SE and Java for Business version 1.3.1 28
Description
The issue affects the Sound component, potentially allowing remote attackers to impact confidentiality, integrity, and availability. A researcher claims that this could involve an incorrect sign extension in the HeadspaceSoundbank.nGetName function, possibly leading to arbitrary code execution via a crafted BANK record that causes a buffer overflow.
Recommendations
For Oracle Java SE and Java for Business version 6 Update 21, update to a version that includes the fix for this issue.
For Oracle Java SE and Java for Business version 5.0 Update 25, update to a version that includes the fix for this issue.
For Oracle Java SE and Java for Business version 1.4.2 27, update to a version that includes the fix for this issue.
For Oracle Java SE and Java for Business version 1.3.1 28, update to a version that includes the fix for this issue.
As a temporary workaround, consider disabling the HeadspaceSoundbank.nGetName function until a patch is available.
Exploit
Fix
Related Identifiers
Affected Products
Hp-Ux
Java Platform
Java Se
Java For Business
Red Hat