what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-053
Posted Apr 5, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-053 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the handling of MIDI streams. When the code responsible for creating a MixerSequencer object from a MIDI stream encounters an 0xFF byte, it assumes it has reached a metaEvent. It then proceeds to parse out a variable-length field. By abusing the way this structure is stored an attacker can corrupt a pointer address later allowing a NULL byte write to an arbitrary memory address. This can be leveraged to execute remote code under the context of the user running the applet.

tags | advisory, java, remote, arbitrary
advisories | CVE-2010-0844
MD5 | ae1160e02786d0b373a9c2667dfdf16c
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Official Monero Website Hacked, Delivers Backdoored Software
Posted Nov 20, 2019

tags | headline, cybercrime, fraud, cryptography
Offshore Bank Targeted By Phineas Fisher Confirms It Was Hacked
Posted Nov 20, 2019

tags | headline, hacker, bank, cybercrime, data loss, fraud
Mozilla Just Doubled Its Payouts As It Tries To Attract Software Vulnerability Hunters
Posted Nov 20, 2019

tags | headline, hacker, flaw, mozilla, firefox
Half Of Oracle E-Business Customers Open To Bank Fraud Flaw
Posted Nov 20, 2019

tags | headline, bank, cybercrime, fraud, flaw, oracle
Arron Banks' Twitter Account Hacked
Posted Nov 19, 2019

tags | headline, hacker, government, britain, twitter
FBI Sought Interpol Statement Against End To End Crypto
Posted Nov 19, 2019

tags | headline, government, privacy, usa, spyware, fbi, cryptography
Macys.com Magecart Attack Yields Payment, Personal Info
Posted Nov 19, 2019

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Android Flaw Lets Rogue Apps Take Photos, Record Video Even If Your Phone Is Locked
Posted Nov 19, 2019

tags | headline, privacy, malware, phone, flaw, google
Phineas Fisher Offers $100,000 Bounty To Hack Banks And Oil Companies
Posted Nov 18, 2019

tags | headline, hacker, bank, cybercrime, fraud, cyberwar, scada
Google Patches Awesome XSS Vulnerability In Gmail Dynamic Email Feature
Posted Nov 18, 2019

tags | headline, email, flaw, google
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close