Published: 22/05/2007 Updated: 01/08/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Sun

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) prior to 1.5.0_11-b03 and 1.6.x prior to 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and previous versions, SDK and JRE 1.4.2_14 and previous versions, and SDK and JRE 1.3.1_20 and previous versions, allows remote malicious users to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jdk 1.5.0
sun jdk 1.6.0
sun jre 1.3.1_04
sun jre 1.3.1_05
sun jre 1.3.1_06
sun jre 1.3.1_07
sun jre 1.3.1_08
sun jre 1.4.2
sun jre 1.4.2_1
sun jre 1.4.2_2
sun jre 1.4.2_3
sun jre 1.5.0
sun jre 1.3.1
sun jre 1.3.1_03
sun jre 1.3.1_10
sun jre 1.3.1_12
sun jre 1.3.1_17
sun jre 1.3.1_19
sun jre 1.4.2_5
sun jre 1.4.2_7
sun jre 1.4.2_14
sun jre 1.3.1_13
sun jre 1.3.1_14
sun jre 1.3.1_15
sun jre 1.3.1_16
sun jre 1.4.2_9
sun jre 1.4.2_10
sun jre 1.4.2_11
sun jre 1.4.2_12
sun jre 1.6.0
sun jre 1.3.1_2
sun jre 1.3.1_09
sun jre 1.3.1_11
sun jre 1.3.1_18
sun jre 1.3.1_20
sun jre 1.4.2_4
sun jre 1.4.2_6
sun jre 1.4.2_8
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun sdk 1.3.1_06
sun sdk 1.3.1_07
sun sdk 1.3.1_08
sun sdk 1.4.2
sun sdk 1.4.2_1
sun sdk 1.4.2_2
sun sdk 1.4.2_3
sun sdk 1.4.2_4
sun sdk 1.3.1_01a
sun sdk 1.3.1_03
sun sdk 1.3.1_10
sun sdk 1.3.1_12
sun sdk 1.3.1_17
sun sdk 1.3.1_19
sun sdk 1.4.2_5
sun sdk 1.4.2_7
sun sdk 1.4.2_14
sun sdk 1.3.1
sun sdk 1.3.1_13
sun sdk 1.3.1_14
sun sdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_11
sun sdk 1.4.2_12
sun sdk 1.3.1_01
sun sdk 1.3.1_02
sun sdk 1.3.1_04
sun sdk 1.3.1_09
sun sdk 1.3.1_11
sun sdk 1.3.1_18
sun sdk 1.3.1_20
sun sdk 1.4.2_6
sun sdk 1.4.2_8
sun sdk 1.4.2_13

source: wwwsecurityfocuscom/bid/24004/info Sun JDK is prone to a multiple vulnerabilities An attacker can exploit these issues to crash the affected application, effectively denying service The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system Sun JDK 150_07-b03 is vulne ...

CWE-189 http://scary.beasts.org/security/CESA-2006-004.html http://www.securityfocus.com/bid/24004 http://secunia.com/advisories/25295 http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml http://security.gentoo.org/glsa/glsa-200706-08.xml http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml http://www.redhat.com/support/errata/RHSA-2007-0829.html http://www.redhat.com/support/errata/RHSA-2007-0956.html http://www.novell.com/linux/security/advisories/2007_45_java.html http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html http://secunia.com/advisories/25474 http://secunia.com/advisories/25832 http://secunia.com/advisories/26049 http://secunia.com/advisories/26119 http://secunia.com/advisories/26369 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27266 http://secunia.com/advisories/26645 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/248 http://www.redhat.com/support/errata/RHSA-2007-1086.html http://www.redhat.com/support/errata/RHSA-2007-0817.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 http://www.kb.cert.org/vuls/id/138545 http://www.attrition.org/pipermail/vim/2007-July/001696.html http://www.attrition.org/pipermail/vim/2007-July/001697.html http://www.attrition.org/pipermail/vim/2007-July/001708.html http://www.attrition.org/pipermail/vim/2007-December/001862.html http://www.securityfocus.com/bid/24267 http://www.securitytracker.com/id?1018182 http://secunia.com/advisories/28056 http://secunia.com/advisories/26311 http://secunia.com/advisories/26631 http://secunia.com/advisories/28115 http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://secunia.com/advisories/28365 http://www.redhat.com/support/errata/RHSA-2008-0100.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1 http://secunia.com/advisories/29340 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://secunia.com/advisories/29858 http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml http://www.redhat.com/support/errata/RHSA-2008-0133.html http://secunia.com/advisories/30780 http://secunia.com/advisories/30805 http://www.vupen.com/english/advisories/2007/1836 http://www.vupen.com/english/advisories/2008/0065 http://www.vupen.com/english/advisories/2007/4224 http://www.vupen.com/english/advisories/2007/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/34652 https://exchange.xforce.ibmcloud.com/vulnerabilities/34318 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700 https://nvd.nist.gov https://www.exploit-db.com/exploits/30043/https://www.kb.cert.org/vuls/id/138545

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook