Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x prior to 1.3.1_27, and SDK and JRE 1.4.x prior to 1.4.2_24 allows remote malicious users to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sun jdk 1.6.0 |
||
sun jre 1.6.0 |
||
sun jdk 1.5.0 |
||
sun jre 1.5.0 |
||
sun sdk 1.4.2_6 |
||
sun sdk 1.4.2_9 |
||
sun sdk 1.4.2_8 |
||
sun sdk 1.4.2_11 |
||
sun sdk 1.4.2_14 |
||
sun sdk 1.4.2_03 |
||
sun sdk 1.4.2_12 |
||
sun sdk 1.4.2_3 |
||
sun sdk 1.4.2_5 |
||
sun sdk 1.4.2_20 |
||
sun sdk 1.4.2_17 |
||
sun sdk 1.4.2_2 |
||
sun sdk 1.4.2_13 |
||
sun sdk 1.4.2_10 |
||
sun sdk 1.4.2_09 |
||
sun jre 1.4.2_12 |
||
sun jre 1.4.2_13 |
||
sun jre 1.4.2_6 |
||
sun jre 1.4.2_9 |
||
sun jre 1.4.2_07 |
||
sun jre 1.4.2_06 |
||
sun jre 1.4.2_16 |
||
sun jre 1.4.2_17 |
||
sun sdk 1.4.2_21 |
||
sun sdk 1.4.2_01 |
||
sun sdk 1.4.2_02 |
||
sun jre 1.4.2_10 |
||
sun jre 1.4.2_11 |
||
sun jre 1.4.2_8 |
||
sun jre 1.4.2_3 |
||
sun jre 1.4.2_03 |
||
sun jre 1.4.2_02 |
||
sun jre 1.4.2_05 |
||
sun jre 1.4.2_09 |
||
sun jre 1.4.2_08 |
||
sun sdk 1.4.2_1 |
||
sun sdk 1.4.2_04 |
||
sun sdk 1.4.2_22 |
||
sun jre 1.4.2_15 |
||
sun jre 1.4.2_7 |
||
sun jre 1.4.2_4 |
||
sun jre 1.4.2_1 |
||
sun jre 1.4.2_21 |
||
sun jre 1.4.2_20 |
||
sun sdk 1.4.2_15 |
||
sun sdk 1.4.2_7 |
||
sun sdk 1.4.2_19 |
||
sun sdk 1.4.2_16 |
||
sun sdk 1.4.2_4 |
||
sun sdk 1.4.2_08 |
||
sun sdk 1.4.2_06 |
||
sun sdk 1.4.2_05 |
||
sun sdk 1.4.2_07 |
||
sun jre 1.4.2_18 |
||
sun jre 1.4.2_14 |
||
sun jre 1.4.2_2 |
||
sun jre 1.4.2_5 |
||
sun jre 1.4.2_04 |
||
sun jre 1.4.2_19 |
||
sun jre 1.4.2_22 |
||
sun sdk 1.4.2_18 |
||
sun sdk 1.3.1_14 |
||
sun sdk 1.3.1_15 |
||
sun sdk 1.3.1_07 |
||
sun sdk 1.3.1_02 |
||
sun sdk 1.3.1_19 |
||
sun sdk 1.3.1_23 |
||
sun sdk 1.3.1_9 |
||
sun sdk 1.3.1_08 |
||
sun sdk 1.3.1_09 |
||
sun sdk 1.3.1_10 |
||
sun sdk 1.3.1_03 |
||
sun sdk 1.3.1_21 |
||
sun sdk 1.3.1_16 |
||
sun sdk 1.3.1_18 |
||
sun jre 1.3.1_01 |
||
sun jre 1.3.1_01a |
||
sun jre 1.3.1_08 |
||
sun jre 1.3.1_09 |
||
sun jre 1.3.1_15 |
||
sun jre 1.3.1_16 |
||
sun jre 1.3.1_23 |
||
sun jre 1.3.1_24 |
||
sun jre 1.3.1_9 |
||
sun jre 1.3.1_25 |
||
sun sdk 1.3.1_20 |
||
sun sdk 1.3.1_2 |
||
sun sdk 1.3.1_24 |
||
sun sdk 1.3.1_25 |
||
sun jre 1.3.1_06 |
||
sun jre 1.3.1_07 |
||
sun jre 1.3.1_13 |
||
sun jre 1.3.1_14 |
||
sun jre 1.3.1_21 |
||
sun jre 1.3.1_22 |
||
sun jre 1.3.1_7 |
||
sun jre 1.3.1_8 |
||
sun sdk 1.3.1_12 |
||
sun sdk 1.3.1_13 |
||
sun sdk 1.3.1_05 |
||
sun sdk 1.3.1_06 |
||
sun sdk 1.3.1_01 |
||
sun sdk 1.3.1_01a |
||
sun sdk 1.3.1_6 |
||
sun sdk 1.3.1_5 |
||
sun jre 1.3.1_04 |
||
sun jre 1.3.1_05 |
||
sun jre 1.3.1_11 |
||
sun jre 1.3.1_12 |
||
sun jre 1.3.1_19 |
||
sun jre 1.3.1_2 |
||
sun jre 1.3.1_20 |
||
sun jre 1.3.1_5 |
||
sun jre 1.3.1_6 |
||
sun sdk 1.3.1_8 |
||
sun sdk 1.3.1_7 |
||
sun sdk 1.3.1_11 |
||
sun sdk 1.3.1_04 |
||
sun sdk 1.3.1_17 |
||
sun sdk 1.3.1_22 |
||
sun sdk 1.3.1_4 |
||
sun sdk 1.3.1_3 |
||
sun jre 1.3.1_02 |
||
sun jre 1.3.1_03 |
||
sun jre 1.3.1_1 |
||
sun jre 1.3.1_10 |
||
sun jre 1.3.1_17 |
||
sun jre 1.3.1_18 |
||
sun jre 1.3.1_3 |
||
sun jre 1.3.1_4 |
||
sun jre 1.4.2_01 |
Java-based exploits and phishing on social networks dominate
Win7 infection rates rose during the second half of 2010 even as malware hit rates on XP machines declined, according to official statistics from Microsoft. The latest edition of Microsoft's Security Intelligence Report shows an infection rate of four Win7 PCs per 1,000 in the second half of 2010, up from three Win7 PCs per 1,000 during the first half of 2010. The rise of more than 30 per cent contrasts with a drop of the infection rate, albeit from a much higher starting point, for older and le...
By far the biggest threat to users this month was drive-by downloads. This type of attack can result in users’ computers being infected even when visiting legitimate sites. Here’s a quick reminder of how drive-by downloads infect computers. First of all, a user visits a legitimate site that has been infected or a site belonging to cybercriminals where a redirect script is located. A good example of just such a script is Downloader.JS.Pegel, one of the most prevalent redirects of recent times...
The security was tight enough, but the raider knew exactly where the weak point in the system was. He had undergone special training to help him slip unnoticed through loopholes like these and infiltrate the network. The raider creates the loophole that lets others in — spies, thieves or secret agents, who then force the system to operate according to their bosses’ wishes. As long as the loophole stays open… This is not a scene from a computer game, this type of scenario is played out usin...
Kaspersky Lab presents its malware rankings for September. There are relatively few new malicious programs in either ranking. It is, however, worth highlighting a new ‘bundle’: Trojan-Dropper.Win32.Sality.cx which installs Virus.Win32.Sality.bh to an infected computer. The dropper spreads using a vulnerability in WinLNK files (i.e., Windows shortcuts). It’s also worth noting that in September the number of exploits targeting CVE-2010-1885 (the Windows Help and Support Center vulnerability)...
In August, there was a significant increase in exploits of the CVE-2010-2568 vulnerability. Worm.Win32.Stuxnet, which notoriously surfaced in late July, targets this vulnerability, as does the Trojan-Dropper program which installs the latest variant of the Sality virus – Virus.Win32.Sality.ag. Unsurprisingly, black hats lost no time in taking advantage of this latest vulnerability in the most commonly used version of Windows. However, on 2 August Microsoft released MS10-046 which provides a pa...
The first Top Twenty list immediately below shows malware, adware and potentially unwanted programs that were detected and neutralized by the on-access scanner when they were accessed for the first time. During May there were five new entries to the list. Variants of the CVE-2010-0806 exploit left the Top 20 list as swiftly as they had joined it a month ago. However, malware writers are nowhere near through with exploiting the CVE-2010-0806 vulnerability. In May, Trojan.JS.Agent.bhr, a component...
This report was compiled on the basis of data obtained and processed using the Kaspersky Security Network (KSN). KSN is one of the most important innovations in personal products and is currently in the final stages of development. Once completed, it will become an integral feature of Kaspersky Lab’s corporate product range. The Kaspersky Security Network can, in real time, detect new malware for which no signatures or heuristic detection methods are currently available. KSN helps identify the...
Vulmon