
Sun JDK and JRE ICC and BMP Parser Vulnerabilities


Secunia ID

SA25295

CVE-ID

CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005

Release Date

16 May 2007

Last Change

23 Oct 2007

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Sun Java JDK 1.5.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x

Where

From remote

Impact

DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Chris Evans has reported some vulnerabilities in Sun JDK and JRE, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An integer overflow error exists within the parser for embedded ICC profiles of JPG and BMP images. This can be exploited to crash the JVM and potentially allow the execution of arbitrary code by e.g. tricking an application using the JDK or JRE to process a malicious image file.

2) The BMP file parser tries to open local files ("/dev/tty") while parsing BMP images. This can be exploited to cause a DoS by e.g. tricking an application using the JDK or JRE to process a malicious BMP image.

Successful exploitation of this vulnerability may require the JVM to be run on a Linux- or UNIX-like operating system.

Solution

Update to JDK and JRE 6 Update 1 or later, JDK and JRE 5.0 Update 11 or later, SDK and JRE 1.4.2_15 or later, and SDK and JRE 1.3.1_21 or later. See vendor advisory for further details.
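
An added example, not part of the Secunia or Sun advisories: a Python check that classifies reported `java.version` strings against the first fixed releases listed in the Solution above. The function names, status labels and sample inventory are constructed for illustration; releases outside the 1.3 to 1.6 families are reported as not listed rather than judged.

```python
import re

# First fixed release per family, taken from the Solution section above.
# Key: (major, minor) family; value: (major, minor, micro, update).
FIXED = {
    (1, 6): (1, 6, 0, 1),    # JDK and JRE 6 Update 1
    (1, 5): (1, 5, 0, 11),   # JDK and JRE 5.0 Update 11
    (1, 4): (1, 4, 2, 15),   # SDK and JRE 1.4.2_15
    (1, 3): (1, 3, 1, 21),   # SDK and JRE 1.3.1_21
}

# Matches legacy Sun version strings such as "1.5.0_10" or "1.6.0_01-b06".
# A trailing build suffix ("-b06") is ignored; a missing update means 0.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, minor, micro, update) for a java.version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Java version string: %r" % text)
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def classify(text):
    """Return 'vulnerable', 'fixed' or 'not-listed' (hypothetical labels)."""
    version = parse_java_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"  # family not named in this advisory
    return "fixed" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "build-01": "1.5.0_10",
        "app-02": "1.6.0_01-b06",
        "legacy-03": "1.4.2_14",
        "kiosk-04": "1.3.1_21",
    }
    for host, status in sorted(audit(sample).items()):
        print(host, sample[host], status)
```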

Reported by

Chris Evans, Google

Original Advisory

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1

Chris Evans:
http://scary.beasts.org/security/CESA-2006-004.html