‘Oracle Sun JRE JPEGImageWriter.writeImage Code Execution Vulnerability’

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun’s Java Runtime Environment.’

Credit:

‘The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-205/


Details

Vulnerable Systems:
 * Sun Microsystems Java Runtime

User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user.

Patch Availability:
Sun Microsystems has issued an update to correct this vulnerability at:
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

CVE Information:
CVE-2010-3565

Disclosure Timeline:
2010-06-17 – Vulnerability reported to vendor
2010-10-12 – Coordinated public release of advisory’

Categories: News