Sun Java JDK/JRE Unpack200 Buffer Overflow Vulnerability
The information has been provided by Sebastien Renaud.
The original article can be found at: http://www.vupen.com/english/advisories/2010/0747
* Sun Java JDK version 6 Update 18 and prior
* Sun Java JDK version 5.0 Update 23 and prior
* Sun Java JRE version 6 Update 18 and prior
* Sun Java JRE version 5.0 Update 23 and prior
* Sun Java JRE version 1.4.2_25 and prior
The flaw is caused by a buffer overflow error within the Unpack200 component when processing malformed data, which could be exploited by attackers to execute arbitrary code via a malicious archive.
Upgrade to Sun Java JDK and JRE 6 Update 19, JDK and JRE 5.0 Update 24, and JRE and SDK version 1.4.2_26 :
2009-10-22 – Vendor notified
2009-10-23 – Vendor response
2010-03-31 – Coordinated public disclosure
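
An added example (not part of the original advisory): a check that classifies a runtime's `java -version` banner against the affected and fixed releases listed above. It assumes that "6 Update 19" is reported as `1.6.0_19` (likewise `1.5.0_24` and `1.4.2_26`); the function names and sample banners are constructed for illustration.

```python
import re

# First fixed update per release family, taken from the advisory's upgrade line.
# Assumption: "6 Update 19" appears in `java -version` output as "1.6.0_19", etc.
FIRST_FIXED_UPDATE = {(1, 6, 0): 19, (1, 5, 0): 24, (1, 4, 2): 26}

# Matches e.g.  java version "1.6.0_18"  or  java version "1.6.0_18-ea"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return ((major, minor, micro), update) from a version banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4) or 0)  # "1.6.0" with no suffix is update 0
    return family, update


def unpack200_status(banner):
    """Classify a banner as 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    fixed = FIRST_FIXED_UPDATE.get(family)
    if fixed is None:
        # The advisory makes no explicit statement about this release family.
        return "not-listed"
    return "affected" if update < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, as the first line of `java -version` would print.
    samples = [
        'java version "1.6.0_18"',
        'java version "1.6.0_19"',
        'java version "1.5.0_23"',
        'java version "1.4.2_26"',
        'java version "1.6.0"',
    ]
    for banner in samples:
        print(f"{banner:30} -> {unpack200_status(banner)}")
```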