CVE-2010-3559

HIGH

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.

ID	Name	Product	Family	Severity
89681	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)	Nessus	Misc.	critical
89674	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)	Nessus	Misc.	critical
75540	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)	Nessus	SuSE Local Security Checks	critical
64843	Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)	Nessus	Misc.	critical
60869	Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
56724	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
56665	VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	Nessus	VMware ESX Local Security Checks	critical
51971	VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	Nessus	VMware ESX Local Security Checks	critical
51751	SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)	Nessus	SuSE Local Security Checks	critical
51750	SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)	Nessus	SuSE Local Security Checks	critical
51667	SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)	Nessus	SuSE Local Security Checks	critical
50968	SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 7205)	Nessus	SuSE Local Security Checks	critical
50919	SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)	Nessus	SuSE Local Security Checks	critical
50854	SuSE9 Security Update : IBM Java 5 JRE and SDK (YOU Patch Number 12659)	Nessus	SuSE Local Security Checks	critical
50641	RHEL 6 : java-1.5.0-ibm (RHSA-2010:0873)	Nessus	Red Hat Local Security Checks	critical
50360	RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0807)	Nessus	Red Hat Local Security Checks	critical
50299	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)	Nessus	SuSE Local Security Checks	critical
50298	openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)	Nessus	SuSE Local Security Checks	critical
49996	Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)	Nessus	Windows	critical
49990	RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)	Nessus	Red Hat Local Security Checks	critical

CVE-2010-3559

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical