Sun Java JRE GIF Image Handling Buffer Overflow (102760)
High Nessus Plugin ID 24022
SynopsisThe remote Windows host has a version of Sun's Java Runtime Environment that is affected by a buffer overflow vulnerability.
DescriptionAccording to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, say by visiting a malicious website, he may be able to leverage this flaw to execute arbitrary code on the affected system subject to the user's privileges.
SolutionUpdate to Sun Java 2 JDK and JRE 5.0 Update 10 / SDK and JRE 1.4.2_13 / SDK and JRE 1.3.1_19 or later and if necessary, remove any affected versions.