Sun Java JRE GIF Image Handling Buffer Overflow (102760)

high Nessus Plugin ID 24022

Synopsis

The remote Windows host has a version of Sun's Java Runtime Environment that is affected by a buffer overflow vulnerability.

Description

According to its version number, the Sun JRE running on the remote host is affected by a buffer overflow that can be triggered when parsing a GIF image in which the image width in an image block is set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, for example by visiting a malicious website, the attacker may be able to leverage this flaw to execute arbitrary code on the affected system, subject to the user's privileges.
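
As an added illustration (not part of the Nessus plugin, which checks only the installed JRE version), the following Python code walks a GIF's block structure and reports image blocks whose Image Descriptor width is 0, the condition named above. The function names and the embedded sample bytes are constructed for this example.

```python
import struct

# Constructed sample: a well-formed 1x1 GIF89a (43 bytes), not taken from the advisory.
SAMPLE_GIF = bytes.fromhex(
    "474946383961" "01000100800000" "000000ffffff"   # header, screen descriptor, colour table
    "21f9040100000000" "2c000000000100010000"         # graphic control ext, image descriptor
    "0202440100" "3b")                                # LZW data, trailer

class GifFormatError(ValueError):
    """The byte stream is not a well-formed GIF."""

def _color_table_len(packed):
    # Bit 7 flags a colour table; the low 3 bits n give 2^(n+1) RGB entries.
    return 3 * (2 << (packed & 7)) if packed & 0x80 else 0

def _skip_sub_blocks(data, pos):
    # Sub-blocks are length-prefixed; a zero length byte ends the chain.
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise GifFormatError("truncated sub-block chain")

def zero_width_frames(data):
    """Return indexes of image blocks whose Image Descriptor width is 0."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifFormatError("missing GIF header or logical screen descriptor")
    pos, hits, frame = 13 + _color_table_len(data[10]), [], 0
    while pos < len(data):
        kind, pos = data[pos], pos + 1
        if kind == 0x3B:                      # trailer: end of stream
            break
        if kind == 0x21:                      # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif kind == 0x2C:                    # image descriptor (9 bytes after separator)
            if pos + 9 > len(data):
                raise GifFormatError("truncated image descriptor")
            _x, _y, width, _h, packed = struct.unpack_from("<HHHHB", data, pos)
            if width == 0:
                hits.append(frame)
            frame += 1
            # Skip descriptor, local colour table, LZW code-size byte, pixel data.
            pos = _skip_sub_blocks(data, pos + 9 + _color_table_len(packed) + 1)
        else:
            raise GifFormatError(f"unknown block 0x{kind:02x} at offset {pos - 1}")
    return hits

if __name__ == "__main__":
    print("sample:", zero_width_frames(SAMPLE_GIF))
```

A non-empty result means the file should be quarantined rather than handed to an image decoder; a `GifFormatError` means the stream is malformed and should be treated the same way.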

Solution

Update to Sun Java 2 JDK and JRE 5.0 Update 10 / SDK and JRE 1.4.2_13 / SDK and JRE 1.3.1_19 or later and, if necessary, remove any affected versions.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-005/

https://seclists.org/fulldisclosure/2007/Jan/326

http://www.nessus.org/u?10693d33

Plugin Details

Severity: High

ID: 24022

File Name: sun_java_jre_102760.nasl

Version: 1.35

Type: local

Agent: windows

Family: Windows

Published: 1/17/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/16/2007

Vulnerability Publication Date: 1/16/2007

Reference Information

CVE: CVE-2007-0243

BID: 22085

CWE: 119