Description: | Summary: This host is installed with Sun Java JDK/JRE and is prone to Integer Overflow vulnerability.
Vulnerability Insight: Multiple flaws exist:
- Integer overflow occurs in JRE while vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.
- Error in the Java Management Extensions (JMX) implementation which does not properly enforce OpenType checks.
- Error in encoder which grants read access to private variables with unspecified names via an untrusted applet or application.
- The plugin functionality does not properly implement version selection, which can be exploited by 'old zip and certificate handling' via unknown vectors.
- Unspecified error in the 'javax.swing.plaf.synth.SynthContext.isSubregion' method in the Swing implementation which causes NullPointerException via unknown vectors.
- Error in Java Web Start implementation which causes NullPointerException via a crafted '.jnlp' file.
Vulnerability Impact: Successful exploitation will allow remote attackers to gain sensitive information, and can cause Denial of Service in the context of the affected system.
Affected Software/OS: Sun Java JDK/JRE version 6 before Update 15.
Solution: Upgrade to JDK/JRE version 6 Update 15.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|