CVE-2010-0840 Information

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Reference

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/39292
http://secunia.com/advisories/39317
http://secunia.com/advisories/39659
http://secunia.com/advisories/39819
http://secunia.com/advisories/40211
http://secunia.com/advisories/40545
http://secunia.com/advisories/43308
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://ubuntu.com/usn/usn-923-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://www.redhat.com/support/errata/RHSA-2010-0339.html
http://www.redhat.com/support/errata/RHSA-2010-0383.html
http://www.redhat.com/support/errata/RHSA-2010-0471.html
http://www.redhat.com/support/errata/RHSA-2010-0489.html
http://www.securityfocus.com/archive/1/510528/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/39065
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1191
http://www.vupen.com/english/advisories/2010/1454
http://www.vupen.com/english/advisories/2010/1523
http://www.vupen.com/english/advisories/2010/1793
http://www.zerodayinitiative.com/advisories/ZDI-10-056
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A13971
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9974
