Sun Java JDK and JRE Code Execution and Security Bypass Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Sun Java JDK, JRE and SDK, which could be exploited by remote attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by memory corruptions, buffer overflows, input validation and implementation errors within the ImageIO, Java 2D, JRE, Java Web Start, Java Plug-in, Pack200, Sound, JSSE, and HotSpot Server components, which could allow attackers to gain knowledge of or manipulate certain information, crash an affected application or execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Sun Java JDK version 6 Update 18 and prior
- Sun Java JDK version 5.0 Update 23 and prior
- Sun Java JRE version 6 Update 18 and prior
- Sun Java JRE version 5.0 Update 23 and prior
- Sun Java JRE version 1.4.2_25 and prior
- Sun Java SDK version 1.4.2_25 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Sun Java JDK and JRE 6 Update 19, JDK and JRE 5.0 Update 24, and JRE and SDK version 1.4.2_26:
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
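To find hosts that still need the upgrade, the following Python script (an added example, not part of the original advisory or any vendor tool) classifies Java version strings against the affected ranges listed above. It assumes the usual mapping of release names to version strings (6 Update 18 is 1.6.0_18, 5.0 Update 23 is 1.5.0_23); the host names and banners in the sample inventory are constructed.

```python
import re

# Last affected build per release family, taken from the advisory's
# "System / Technologies affected" list: (major, minor) -> (micro, update).
LAST_AFFECTED = {
    (1, 6): (0, 18),   # JDK/JRE 6 Update 18 and prior
    (1, 5): (0, 23),   # JDK/JRE 5.0 Update 23 and prior
    (1, 4): (2, 25),   # JRE/SDK 1.4.2_25 and prior
}

# Matches 1.6.0_18, 1.6.0_18-b07, 1.6.0 (no update suffix), etc.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Extract (major, minor, micro, update) from a version string or a
    `java -version` banner line; return None if nothing matches."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return int(major), int(minor), int(micro), int(update or 0)


def classify(text):
    """Return 'affected', 'patched', or 'unknown' (unparseable input or a
    release family this advisory does not cover)."""
    v = parse_version(text)
    if v is None or v[:2] not in LAST_AFFECTED:
        return "unknown"
    return "affected" if v[2:] <= LAST_AFFECTED[v[:2]] else "patched"


# Constructed inventory, e.g. the first line of `java -version` per host.
SAMPLE_INVENTORY = {
    "build-01": 'java version "1.6.0_18"',
    "build-02": 'java version "1.6.0_19"',
    "app-07": 'java version "1.5.0_22"',
    "legacy-03": 'java version "1.4.2_26"',
    "kiosk-11": 'java version "1.4.1_07"',
    "dev-42": 'java version "1.7.0_02"',
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {status}")
```

"patched" here means only that the build is newer than the last one this advisory lists as affected; families outside 1.4, 5.0 and 6 are reported as "unknown" because the advisory says nothing about them.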
Vulnerability Identifier
- CVE-2009-3555
- CVE-2010-0082
- CVE-2010-0084
- CVE-2010-0085
- CVE-2010-0087
- CVE-2010-0088
- CVE-2010-0089
- CVE-2010-0090
- CVE-2010-0091
- CVE-2010-0092
- CVE-2010-0093
- CVE-2010-0094
- CVE-2010-0095
- CVE-2010-0837
- CVE-2010-0838
- CVE-2010-0839
- CVE-2010-0840
- CVE-2010-0841
- CVE-2010-0842
- CVE-2010-0843
- CVE-2010-0844
- CVE-2010-0845
- CVE-2010-0846
- CVE-2010-0847
- CVE-2010-0848
- CVE-2010-0849
- CVE-2010-0850
Source
Related Link