Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRegenrechtZDI-10-059
HistoryApr 05, 2010 - 12:00 a.m.

Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability

2010-04-0500:00:00
regenrecht
www.zerodayinitiative.com
32

EPSS

0.139

Percentile

95.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun’s Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within a function responsible for creating a JPEG image encoder. The function makes an invalid assignment based on the value of the num_components element of a comp_info structure while parsing a JPEG file. It then improperly uses the original value while performing memory copy operations. By specifying certain values as the num_components field this can be exploited to gain arbitrary code execution by overflowing an undersized buffer on the heap.

Related

securityvulns 3
cvelist 1
prion 1
ubuntucve 1
cve 1
veracode 1
nvd 1
redhat 7
nessus 25
suse 2
openvas 13
gentoo 1
oracle 1
securityvulns
securityvulns
ZDI-10-059: Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability
2010-04-06 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
Oracle Critical Patch Update Advisory - July 2010
2010-07-15 00:00:00
cvelist
cvelist
CVE-2010-0846
2010-04-01 16:00:00
prion
prion
Heap overflow
2010-04-01 16:30:00
ubuntucve
ubuntucve
CVE-2010-0846
2010-04-01 00:00:00
cve
cve
CVE-2010-0846
2010-04-01 16:30:01
veracode
veracode
Denial Of Services (DoS)
2020-04-10 00:45:53
nvd
nvd
CVE-2010-0846
2010-04-01 16:30:01
redhat
redhat
(RHSA-2010:0489) Critical: java-1.5.0-ibm security update
2010-06-17 00:00:00
(RHSA-2010:0574) Critical: java-1.4.2-ibm security update
2010-07-29 00:00:00
(RHSA-2010:0586) Moderate: java-1.4.2-ibm-sap security update
2010-08-02 00:00:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0489)
2010-06-18 00:00:00
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0574)
2010-07-30 00:00:00
SuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)
2010-12-02 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
openvas
openvas
HP-UX Update for Java HPSBUX02524
2010-06-07 00:00:00
Oracle Java SE Multiple Vulnerabilities (Windows)
2010-04-07 00:00:00
Oracle Java SE Multiple Vulnerabilities - Windows
2010-04-07 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

EPSS

0.139

Percentile

95.7%

JSON
Related for ZDI-10-059
securityvulns3cvelist1prion1ubuntucve1cve1veracode1nvd1redhat7nessus25suse2openvas13gentoo1oracle1