----------------------------------------------------------------------

TITLE:
Sun Java JDK / JRE / SDK Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA41791

VERIFY ADVISORY:
http://secunia.com/advisories/41791/

RELEASE DATE:
2010-10-14

DESCRIPTION:
Multiple vulnerabilities have been reported in Sun Java, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.

1) An error in the 2D component may allow execution of arbitrary code.
2) An error in the 2D component may allow execution of arbitrary code.
3) An integer overflow error in the "JPEGImageWriter.writeImage()" function when processing JPEG image dimensions of a subsample can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code.
4) An integer overflow error in the color profile parser when processing the ICC Profile Device Information Tag structure causes memory to be improperly allocated. Successful exploitation may allow execution of arbitrary code.
5) An error in the 2D component may allow execution of arbitrary code.
6) An integer overflow error in the color profile parser when processing the ICC Profile Unicode Description Tag structure causes memory to be improperly allocated. Successful exploitation may allow execution of arbitrary code.
7) An error in the CORBA component may allow execution of arbitrary code.
8) An error in the com.sun.jnlp.BasicServiceImpl class when retrieving a security policy can be exploited to remove sandbox restrictions. Successful exploitation may allow execution of arbitrary code.
9) An error in the JRE component may allow execution of arbitrary code.
10) An error in the JRE component may allow execution of arbitrary code.
11) An error in the Java Web Start component may allow execution of arbitrary code.
12) A boundary error in the New Java Plugin (JP2IEXP.dll) when copying the "docbase" applet parameter can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
13) A signedness error in the "HeadspaceSoundbank.nGetName()" function when parsing BANK records can be exploited to cause a buffer overflow using memcpy() via a specially crafted SoundBank file. Successful exploitation may allow execution of arbitrary code.
14) An error in the Sound component may allow execution of arbitrary code.
15) An error in the Swing component may allow execution of arbitrary code.
16) An error in the ActiveX plugin, which fails to properly initialize a window handle, may allow execution of arbitrary code.
17) An error in the Java Web Start component may allow execution of arbitrary code.
18) An error in the Deployment Toolkit component may allow execution of arbitrary code.
19) An error in the CORBA component can be exploited to disclose and manipulate certain data.
20) An error in the JSSE TLS/SSL component can be exploited to manipulate certain data. For more information: SA37291
21) A NULL-pointer dereference error in Kerberos GSS-API can be exploited to cause a DoS. For more information: SA39762
22) An error in the Networking component can be exploited to disclose and manipulate certain data.
23) An error in the Swing component can be exploited to disclose and manipulate certain data.
24) An error in the Networking component can be exploited to disclose and manipulate certain data.
25) An error in the Networking component can be exploited to disclose and manipulate certain data.
26) An error in the Networking component can be exploited to disclose and manipulate certain data.
27) An error in the JNDI component can be exploited to disclose certain data.
28) An error in the Networking component can be exploited to disclose certain data.
29) An error in the Networking component can be exploited to disclose certain data.

SOLUTION:
Apply updates.

PROVIDED AND/OR DISCOVERED BY:
3) An anonymous person, reported via ZDI.
4,6) Intevydis, reported via ZDI.
8) Matthias Kaiser, reported via ZDI.
12,16) Stephen Fewer of Harmony Security, reported via ZDI.
13) An anonymous person, reported via ZDI.
16) An anonymous person, reported via ZDI.

It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

ORIGINAL ADVISORY:
Oracle:
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-202/
http://www.zerodayinitiative.com/advisories/ZDI-10-203/
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
http://www.zerodayinitiative.com/advisories/ZDI-10-205/
http://www.zerodayinitiative.com/advisories/ZDI-10-206/
http://www.zerodayinitiative.com/advisories/ZDI-10-207/
http://www.zerodayinitiative.com/advisories/ZDI-10-208/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

----------------------------------------------------------------------
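
ADDED EXAMPLE (not part of the Secunia advisory, and not code from Oracle or the JDK):
Item 13 describes a signedness error that lets a length field reach memcpy() unchecked. The C code below shows that bug class next to a hardened length check. The record layout (a 4-byte big-endian length followed by the name), NAME_CAP and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 64 /* assumed destination buffer size */

/* Flawed pattern: length kept in a signed type, only the upper bound is
 * checked. Returns 1 if the check accepts the length and stores in
 * *copy_size the value memcpy() would receive. No copy is performed. */
int flawed_check(int32_t name_len, size_t *copy_size)
{
    if (name_len > NAME_CAP)        /* signed compare: -1 passes */
        return 0;
    *copy_size = (size_t)name_len;  /* -1 converts to SIZE_MAX */
    return 1;
}

/* Hardened form: read the length as unsigned and bound it by both the
 * destination capacity and the bytes actually left in the record.
 * Assumed record layout: 4-byte big-endian length, then the name. */
int copy_name(const uint8_t *rec, size_t rec_len, char out[NAME_CAP])
{
    uint32_t name_len;

    if (rec_len < 4)
        return -1;
    name_len = ((uint32_t)rec[0] << 24) | ((uint32_t)rec[1] << 16) |
               ((uint32_t)rec[2] << 8) | (uint32_t)rec[3];
    if (name_len >= NAME_CAP || name_len > rec_len - 4)
        return -1;                  /* reject instead of truncating */
    memcpy(out, rec + 4, name_len);
    out[name_len] = '\0';
    return (int)name_len;
}

int main(void)
{
    /* Constructed sample record: length field 0xFFFFFFFF (-1 if signed). */
    static const uint8_t bad[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'A' };
    char out[NAME_CAP];
    size_t n = 0;
    int accepted = flawed_check(-1, &n);
    printf("flawed check accepts -1: %d, memcpy size %zu\n", accepted, n);
    printf("hardened parser returns %d\n", copy_name(bad, sizeof bad, out));
    return 0;
}
```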