Sun Java JRE GIF Image Handling Buffer Overflow (102760) (Unix)

medium Nessus Plugin ID 64819

Synopsis

The remote Unix host has a version of Sun's Java Runtime Environment that is affected by a buffer overflow vulnerability.

Description

According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, for example by visiting a malicious website, the attacker may be able to leverage this flaw to execute arbitrary code on the affected system, subject to the user's privileges.

Solution

Update to Sun Java 2 JDK and JRE 5.0 Update 10 / SDK and JRE 1.4.2_13 / SDK and JRE 1.3.1_19 or later and, if necessary, remove any affected versions.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-005/

https://seclists.org/fulldisclosure/2007/Jan/326

http://www.nessus.org/u?10693d33

Plugin Details

Severity: Medium

ID: 64819

File Name: sun_java_jre_102760_unix.nasl

Version: 1.15

Type: local

Agent: unix

Family: Misc.

Published: 2/22/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2007-0243

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: Host/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/16/2007

Vulnerability Publication Date: 1/16/2007

Reference Information

CVE: CVE-2007-0243

BID: 22085

CWE: 119