Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote malicious users to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun jre 1.6.0 |
||
sun jre |
||
sun jdk 1.6.0 |
||
sun jdk |
||
sun jdk 1.5.0 |
||
sun sdk 1.4.2 |
||
sun sdk 1.4.2_14 |
||
sun sdk 1.4.2_15 |
||
sun sdk 1.4.2_6 |
||
sun sdk 1.4.2_7 |
||
sun sdk 1.4.2_24 |
||
sun sdk |
||
sun sdk 1.4.2_02 |
||
sun sdk 1.4.2_1 |
||
sun sdk 1.4.2_16 |
||
sun sdk 1.4.2_17 |
||
sun sdk 1.4.2_8 |
||
sun sdk 1.4.2_9 |
||
sun sdk 1.4.2_12 |
||
sun sdk 1.4.2_13 |
||
sun sdk 1.4.2_4 |
||
sun sdk 1.4.2_5 |
||
sun sdk 1.4.2_22 |
||
sun sdk 1.4.2_23 |
||
sun sdk 1.4.2_10 |
||
sun sdk 1.4.2_11 |
||
sun sdk 1.4.2_18 |
||
sun sdk 1.4.2_19 |
||
sun sdk 1.4.2_3 |
||
sun sdk 1.4.2_20 |
||
sun sdk 1.4.2_21 |
||
sun jre 1.5.0 |
||
sun jre 1.4.2_6 |
||
sun jre 1.4.2_7 |
||
sun jre 1.4.2_8 |
||
sun jre 1.4.2_14 |
||
sun jre 1.4.2_15 |
||
sun jre 1.4.2_22 |
||
sun jre 1.4.2_23 |
||
sun jre 1.4.2 |
||
sun jre 1.4.2_1 |
||
sun jre 1.4.2_9 |
||
sun jre 1.4.2_16 |
||
sun jre 1.4.2_17 |
||
sun jre 1.4.2_24 |
||
sun jre 1.4.2_4 |
||
sun jre 1.4.2_5 |
||
sun jre 1.4.2_12 |
||
sun jre 1.4.2_13 |
||
sun jre 1.4.2_20 |
||
sun jre 1.4.2_21 |
||
sun jre 1.4.2_2 |
||
sun jre 1.4.2_3 |
||
sun jre 1.4.2_10 |
||
sun jre 1.4.2_11 |
||
sun jre 1.4.2_18 |
||
sun jre 1.4.2_19 |
||
sun jdk 1.3.0_03 |
||
sun jdk 1.3.0_04 |
||
sun jdk 1.3.0_05 |
||
sun jdk 1.3.1_05 |
||
sun jdk 1.3.1_06 |
||
sun jdk 1.3.1_13 |
||
sun jdk 1.3.1_15 |
||
sun jdk 1.3.1_22 |
||
sun jdk 1.3.1_23 |
||
sun jdk 1.3.1 |
||
sun jdk 1.3.1_01 |
||
sun jdk 1.3.1_07 |
||
sun jdk 1.3.1_08 |
||
sun jdk 1.3.1_14 |
||
sun jdk 1.3.1_16 |
||
sun jdk 1.3.1_24 |
||
sun jdk 1.3.1_25 |
||
sun jdk 1.3.0_01 |
||
sun jdk 1.3.0_02 |
||
sun jdk 1.3.1_03 |
||
sun jdk 1.3.1_04 |
||
sun jdk 1.3.1_11 |
||
sun jdk 1.3.1_12 |
||
sun jdk 1.3.1_19 |
||
sun jdk 1.3.1_20 |
||
sun jdk 1.3.1_21 |
||
sun jdk 1.3.0 |
||
sun jdk 1.3.1_01a |
||
sun jdk 1.3.1_02 |
||
sun jdk 1.3.1_09 |
||
sun jdk 1.3.1_10 |
||
sun jdk 1.3.1_17 |
||
sun jdk 1.3.1_18 |
||
sun jdk 1.3.1_26 |
||
sun jre 1.3.0 |
||
sun jre 1.3.1_03 |
||
sun jre 1.3.1_04 |
||
sun jre 1.3.1_12 |
||
sun jre 1.3.1_13 |
||
sun jre 1.3.1_2 |
||
sun jre 1.3.1_20 |
||
sun jre 1.3.1_05 |
||
sun jre 1.3.1_06 |
||
sun jre 1.3.1_14 |
||
sun jre 1.3.1_15 |
||
sun jre 1.3.1_21 |
||
sun jre 1.3.1_22 |
||
sun jre 1.3.1 |
||
sun jre 1.3.1_10 |
||
sun jre 1.3.1_11 |
||
sun jre 1.3.1_18 |
||
sun jre 1.3.1_19 |
||
sun jre 1.3.1_25 |
||
sun jre 1.3.1_26 |
||
sun jre 1.3.1_07 |
||
sun jre 1.3.1_08 |
||
sun jre 1.3.1_09 |
||
sun jre 1.3.1_16 |
||
sun jre 1.3.1_17 |
||
sun jre 1.3.1_23 |
||
sun jre 1.3.1_24 |
||
sun sdk 1.3.1_01 |
||
sun sdk 1.3.1_01a |
||
sun sdk 1.3.1_08 |
||
sun sdk 1.3.1_09 |
||
sun sdk 1.3.1_16 |
||
sun sdk 1.3.1_17 |
||
sun sdk 1.3.1_25 |
||
sun sdk 1.3.1_26 |
||
sun sdk 1.3.0 |
||
sun sdk 1.3.0_01 |
||
sun sdk 1.3.0_02 |
||
sun sdk 1.3.1_02 |
||
sun sdk 1.3.1_03 |
||
sun sdk 1.3.1_10 |
||
sun sdk 1.3.1_11 |
||
sun sdk 1.3.1_18 |
||
sun sdk 1.3.1_19 |
||
sun sdk 1.3.1_20 |
||
sun sdk 1.3.0_05 |
||
sun sdk 1.3.1 |
||
sun sdk 1.3.1_06 |
||
sun sdk 1.3.1_07 |
||
sun sdk 1.3.1_14 |
||
sun sdk 1.3.1_15 |
||
sun sdk 1.3.1_23 |
||
sun sdk 1.3.1_24 |
||
sun sdk 1.3.0_03 |
||
sun sdk 1.3.0_04 |
||
sun sdk 1.3.1_04 |
||
sun sdk 1.3.1_05 |
||
sun sdk 1.3.1_12 |
||
sun sdk 1.3.1_13 |
||
sun sdk 1.3.1_21 |
||
sun sdk 1.3.1_22 |
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...
Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow up blog describing the exploits used. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit. Here is an interesting picture from the servers hosting the exploit kit: You can see below another example from the spam campaign, this time pretending to be an email from Twitter: The ...