CVE-2010-3571

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28 Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28

Description The issue affects the confidentiality, integrity, and availability of the system. It is reportedly related to an integer overflow in the color profile parser, allowing remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Oracle Java SE and Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28, consider disabling the color profile parser as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.