Sun Java JRE GIF Image Handling Buffer Overflow (102760)

High Nessus Plugin ID 24022


The remote Windows host has a version of Sun's Java Runtime Environment that is affected by a buffer overflow vulnerability.


According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, say by visiting a malicious website, he may be able to leverage this flaw to execute arbitrary code on the affected system subject to the user's privileges.


Update to Sun Java 2 JDK and JRE 5.0 Update 10 / SDK and JRE 1.4.2_13 / SDK and JRE 1.3.1_19 or later and if necessary, remove any affected versions.

See Also

Plugin Details

Severity: High

ID: 24022

File Name: sun_java_jre_102760.nasl

Version: $Revision: 1.29 $

Type: local

Agent: windows

Family: Windows

Published: 2007/01/17

Modified: 2017/05/01

Dependencies: 33545

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/01/16

Vulnerability Publication Date: 2007/01/16

Reference Information

CVE: CVE-2007-0243

BID: 22085

OSVDB: 32834

CWE: 119