Secunia Advisory: SA23757
Release Date: 2007-01-17
Last Update: 2007-01-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Description:
A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an error in the processing of GIF images and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF image with an image width of 0.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following versions:
* JDK and JRE 5.0 Update 9 and prior.
* SDK and JRE 1.4.2_12 and prior.
* SDK and JRE 1.3.1_18 and prior.
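A pre-decode check for the condition described above, as an added example that is not part of the advisory or of Sun's code: it walks the standard GIF87a/GIF89a block structure and reports any descriptor with a zero dimension, so such a file can be rejected before it reaches an image decoder. The advisory does not say which width field is involved, so the sketch assumes both the logical screen descriptor and each image descriptor are worth checking; the function names and the constructed sample file are hypothetical.

```python
import struct

def _skip_sub_blocks(data, pos):
    # Data sub-blocks: <size byte><size bytes> ..., ended by a zero size byte.
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def zero_dimension_findings(data):
    """Return (kind, offset, width, height) for each descriptor with a 0 dimension."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    findings = []
    if width == 0 or height == 0:
        findings.append(("logical screen", 6, width, height))
    pos = 13
    if packed & 0x80:                      # global colour table present
        pos += 3 * (2 << (packed & 0x07))
    while pos < len(data):
        block = data[pos]
        if block == 0x3B:                  # trailer: end of GIF data stream
            return findings
        if block == 0x21:                  # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:                # image descriptor (one per frame)
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            _, _, w, h, ipacked = struct.unpack_from("<HHHHB", data, pos + 1)
            if w == 0 or h == 0:
                findings.append(("image descriptor", pos, w, h))
            pos += 10
            if ipacked & 0x80:             # local colour table present
                pos += 3 * (2 << (ipacked & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW min code size
        else:
            raise ValueError(f"unknown block 0x{block:02x} at offset {pos}")
    raise ValueError("missing trailer")

def sample_gif(frame_width):
    # Constructed sample: 1x1 logical screen, no colour tables, a single frame.
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
    frame = b"\x2c" + struct.pack("<HHHHB", 0, 0, frame_width, 1, 0)
    return header + frame + b"\x02\x02\x4c\x01\x00\x3b"  # pixel data + trailer
```

A non-empty result, or a `ValueError` from a malformed file, is a reason to refuse the image rather than pass it on for decoding.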
Provided and/or discovered by:
Discovered by an anonymous person and reported via ZDI.
Changelog:
2007-01-18: Added CVE reference and link to US-CERT.
Original Advisory:
Sun Microsystems:
ZDI:
Other References:
US-CERT VU#388289: