Lucene search
AnonymousZDI-11-185HistoryJun 08, 2011 - 12:00 a.m.
Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability
2011-06-0800:00:00
Anonymous
www.zerodayinitiative.com
14
EPSS
0.026
Percentile
90.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'bfd ’ tag it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
Related
zdi
zdi
securityvulns
securityvulns
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:55:57
cvelist
cvelist
CVE-2011-0862
2011-06-14 18:00:00
nvd
nvd
CVE-2011-0862
2011-06-14 18:55:02
cve
cve
CVE-2011-0862
2011-06-14 18:55:02
ubuntucve
ubuntucve
CVE-2011-0862
2011-06-14 00:00:00
CVE-2011-0822
2011-06-17 00:00:00
prion
prion
Design/Logic Flaw
2011-06-14 18:55:00
openvas
openvas
RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01
2012-06-06 00:00:00
Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)
2011-08-18 00:00:00
CentOS Update for java CESA-2011:0857 centos5 i386
2011-08-09 00:00:00
nessus
nessus
RHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857)
2011-06-09 00:00:00
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2011:1087)
2011-07-25 00:00:00
Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857)
2013-07-12 00:00:00
debian
debian
[SECURITY] [DSA 2311-1] openjdk-6 security update
2011-09-27 20:10:30
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:26:27
redhat
redhat
(RHSA-2011:0857) Important: java-1.6.0-openjdk security update
2011-06-08 00:00:00
(RHSA-2011:0856) Critical: java-1.6.0-openjdk security update
2011-06-08 00:00:00
(RHSA-2011:1087) Critical: java-1.5.0-ibm security update
2011-07-22 00:00:00
centos
centos
java security update
2011-06-13 14:03:30
osv
osv
openjdk-6 - several
2011-09-27 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
suse
suse
Security update for IBM Java (important)
2011-08-29 20:08:51
remote code execution in java-1_4_2-ibm
2011-08-29 12:59:14
remote code execution in java-1_5_0-ibm,IBMJava5
2011-08-04 17:16:07
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-06-08 00:00:00
java-1.6.0-openjdk security update
2011-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15
2011-06-15 05:44:07
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14
2011-06-11 04:18:13
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13
2011-06-15 05:33:46
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-06-17 00:00:00
vmware
vmware
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2011
2011-12-15 00:00:00