NA
CVSSv3

CVE-2007-0243

CVSSv4: NA | CVSSv3: NA | CVSSv2: 6.8 | VMScore: 780 | EPSS: 0.50544 | KEV: Not Included
Published: 17/01/2007 Updated: 21/11/2024

Vulnerability Summary

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and previous versions, SDK and JRE 1.4.2_12 and previous versions, and SDK and JRE 1.3.1_18 and previous versions allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jdk

sun jdk 1.5.0

sun jre

sun jre 1.3.1

sun jre 1.4.2 1

sun jre 1.4.2 2

sun jre 1.4.2 3

sun jre 1.4.2 4

sun jre 1.4.2 5

sun jre 1.4.2 6

sun jre 1.4.2 7

sun jre 1.4.2 8

sun jre 1.4.2 9

sun jre 1.4.2 10

sun jre 1.4.2 11

sun jre 1.4.2 12

sun jre 1.5.0

sun sdk 1.3.1 01

sun sdk 1.3.1 01a

sun sdk 1.3.1 16

sun sdk 1.3.1 18

sun sdk 1.4.2

sun sdk 1.4.2 03

sun sdk 1.4.2 08

sun sdk 1.4.2 09

sun sdk 1.4.2 10

sun sdk 1.4.2 12

Exploits

/* * * FileName: JvmGifVulPocjava * * Date: 2007-01-21 * * Description: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit * * Environment: Only successfully tested on Sun Jre 15 * * Author: luoluo * * Contact: luoluonet_at_hotmailcom || luoluonet_at_126com || luoluonet_at_yahoocom * * Team: PST(Ph4 ...

References

CWE-119https://nvd.nist.govhttps://www.exploit-db.com/exploits/3168/https://www.kb.cert.org/vuls/id/388289https://www.first.org/epsshttp://dev2dev.bea.com/pub/advisory/242http://docs.info.apple.com/article.html?artnum=307177http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlhttp://osvdb.org/32834http://secunia.com/advisories/23757http://secunia.com/advisories/24189http://secunia.com/advisories/24202http://secunia.com/advisories/24468http://secunia.com/advisories/24993http://secunia.com/advisories/25283http://secunia.com/advisories/26049http://secunia.com/advisories/26119http://secunia.com/advisories/26645http://secunia.com/advisories/27203http://secunia.com/advisories/28115http://security.gentoo.org/glsa/glsa-200702-08.xmlhttp://securityreason.com/securityalert/2158http://securitytracker.com/id?1017520http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.htmlhttp://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200702-07.xmlhttp://www.kb.cert.org/vuls/id/388289http://www.novell.com/linux/security/advisories/2007_45_java.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0166.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0167.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0956.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securityfocus.com/archive/1/457159/100/0/threadedhttp://www.securityfocus.com/archive/1/457638/100/0/threadedhttp://www.securityfocus.com/bid/22085http://www.us-cert.gov/cas/techalerts/TA07-022A.htmlhttp://www.vupen.com/english/advisories/2007/0211http://www.vupen.com/english/advisories/2007/0936http://www.vupen.com/english/advisories/2007/1814http://www.vupen.com/english/advisories/2007/4224http://www.zerodayinitiative.com/advisories/ZDI-07-005.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31537https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073http://dev2dev.bea.com/pub/advisory/242http://docs.info.apple.com/article.html?artnum=307177http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlhttp://osvdb.org/32834http://secunia.com/advisories/23757http://secunia.com/advisories/24189http://secunia.com/advisories/24202http://secunia.com/advisories/24468http://secunia.com/advisories/24993http://secunia.com/advisories/25283http://secunia.com/advisories/26049http://secunia.com/advisories/26119http://secunia.com/advisories/26645http://secunia.com/advisories/27203http://secunia.com/advisories/28115http://security.gentoo.org/glsa/glsa-200702-08.xmlhttp://securityreason.com/securityalert/2158http://securitytracker.com/id?1017520http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.htmlhttp://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200702-07.xmlhttp://www.kb.cert.org/vuls/id/388289http://www.novell.com/linux/security/advisories/2007_45_java.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0166.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0167.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0956.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securityfocus.com/archive/1/457159/100/0/threadedhttp://www.securityfocus.com/archive/1/457638/100/0/threadedhttp://www.securityfocus.com/bid/22085http://www.us-cert.gov/cas/techalerts/TA07-022A.htmlhttp://www.vupen.com/english/advisories/2007/0211http://www.vupen.com/english/advisories/2007/0936http://www.vupen.com/english/advisories/2007/1814http://www.vupen.com/english/advisories/2007/4224http://www.zerodayinitiative.com/advisories/ZDI-07-005.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31537https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073