Internet threat level: 1
Home→Descriptions→SA37231
Sun Java JDK / JRE Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885 |
| Release Date |
04 Nov 2009 |
| Last Change |
11 Nov 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Sun Java JDK 1.5.x |
| Where | |
| Impact |
DoS (Denial of Service)This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive informationVulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. Security BypassThis covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application. |
| Description |
Some weaknesses and vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to potentially disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system. 1) A weakness is caused by the update mechanism failing to update JRE to a new version when running on non-English Windows versions. 2) An error in the JRE Deployment Toolkit on Windows can be exploited to execute arbitrary code when viewing a specially crafted web page. 3) An error in the Java Web Start installer can be exploited to run a malicious Java Web Start application as trusted and executed arbitrary code. 4) An error in the implementation of the "HsbParser.getSoundBank()" function can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code via an overly long "file://" URL argument. 5) An unspecified error when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet. 6) An error in the implementation of the "setDiffICM()" AWT function can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) Three unspecified errors when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet. 8) An integer overflow error when processing the dimensions of a JPEG subsample can be exploited to corrupt memory and potentially execute arbitrary code. 9) An error when verifying HMAC digests can be exploited to potentially bypass authentication via a fake digital signature that is incorrectly accepted as valid by a Java application. 10) An error when decoding DER encoded data can be exploited to exhaust all available JRE memory. 11) An error when parsing HTTP headers can be exploited to exhaust all available JRE memory. 12) An error in the implementation of the "setBytePixels()" AWT function can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. NOTE: Various other information disclosure weaknesses and a crash while parsing TrueType fonts have also been reported. |
| Solution |
Update to a fixed version. JDK and JRE 6 Update 17: JDK and JRE 5.0 Update 22: Java SE for Business SDK and JRE 1.4.2_24: SDK and JRE 1.3.1_27 (for customers with Solaris 8 and Vintage Support Offering support contracts): |
| Reported by |
3) Peter Csepely, reported via ZDI The vendor also credits: |
| Original Advisory |
Sun: ZDI: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.