Description:
Summary: Sun Java JDK/JRE is installed on this host and is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws occur due to:
- Error when decoding 'DER' encoded data and parsing HTTP headers.
- Error when verifying 'HMAC' digests.
- Integer overflow error in the 'JPEG JFIF' Decoder while processing malicious image files.
- A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()' functions in the Abstract Window Toolkit (AWT).
- Unspecified error due to improper parsing of color profiles of images.
- A buffer overflow error due to improper implementation of the 'HsbParser.getSoundBank()' function.
- Three unspecified errors when processing audio or image files.
Vulnerability Impact: Successful exploitation allows a remote attacker to execute arbitrary code, gain escalated privileges, bypass security restrictions and cause a denial of service in the context of the affected system.
Affected Software/OS: Sun Java JDK/JRE 6 prior to 6 Update 17
Sun Java JDK/JRE 5 prior to 5 Update 22
Sun Java JDK/JRE 1.4.x prior to 1.4.2_24
Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Windows.
Solution: Upgrade to JDK/JRE version 6 Update 17 or later.
Upgrade to JDK/JRE version 5 Update 22
Upgrade to JDK/JRE version 1.4.2_24
Upgrade to JDK/JRE version 1.3.1_27.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C