PT-2010-4923 · Oracle+2 · Java Se+4
Published
2010-10-13
·
Updated
2018-10-30
·
CVE-2010-3562
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE and Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28
Description
The issue affects the confidentiality, integrity, and availability of the system, allowing remote attackers to exploit it via unknown vectors. It is claimed by a reliable downstream vendor to be a double free vulnerability in IndexColorModel, which could lead to a denial of service (crash) and possibly the execution of arbitrary code.
Recommendations
For Oracle Java SE and Java for Business version 6 Update 21, update to a version that includes the fix for this issue.
For Oracle Java SE and Java for Business version 5.0 Update 25, update to a version that includes the fix for this issue.
For Oracle Java SE and Java for Business version 1.4.2 27, update to a version that includes the fix for this issue.
For Oracle Java SE and Java for Business version 1.3.1 28, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the 2D component until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hp-Ux
Java Platform
Java Se
Java For Business
Red Hat