Sun Java Media Framework (JMF) Arbitrary Code Execution

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

A framework installed on the remote Windows host has a code execution
vulnerability.

Description :

The remote host is using Sun Microsystems' Java Media Framework
(JMF).

The installed version contains a bug that may allow an untrusted
applet to crash the Java Virtual Machine it is running in, or even
to gain unauthorized privileges.

An attacker could exploit this flaw to execute arbitrary code on this
host. To exploit this flaw, the attacker would need to trick a user
into running a malicious Java applet.

See also :

http://seclists.org/bugtraq/2003/Jun/219
http://download.oracle.com/sunalerts/1000986.1.html

Solution :

Upgrade to JMF 2.1.1e or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 11635 (jmf_privs_escalation.nasl)

Bugtraq ID: 7612

CVE ID: CVE-2003-1572
