CVE-2010-0843 Information

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.

Reference

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://osvdb.org/63492
http://seclists.org/bugtraq/2010/Apr/41
http://secunia.com/advisories/39317
http://secunia.com/advisories/39659
http://secunia.com/advisories/39819
http://secunia.com/advisories/40211
http://secunia.com/advisories/40545
http://secunia.com/advisories/43308
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://www.redhat.com/support/errata/RHSA-2010-0383.html
http://www.redhat.com/support/errata/RHSA-2010-0471.html
http://www.redhat.com/support/errata/RHSA-2010-0489.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/39083
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2010/1191
http://www.vupen.com/english/advisories/2010/1454
http://www.vupen.com/english/advisories/2010/1523
http://www.vupen.com/english/advisories/2010/1793
http://www.zerodayinitiative.com/advisories/ZDI-10-052/
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14092
