
Packet Storm Advisory 2013-0819-1 - Oracle Java BytePackedRaster.verify()

Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | 1b8625579128a6aa2eebdfe1d14a2d3ff5e447dbf25cd29275461b7cd5791be8

+------------------------------------------------------------------------------+
|                      Packet Storm Advisory 2013-0819-1                       |
|                       http://packetstormsecurity.com/                        |
+------------------------------------------------------------------------------+
|     Title: Oracle Java BytePackedRaster.verify() Signed Integer Overflow     |
+--------------------+---------------------------------------------------------+
| Release Date       | 2013/08/19                                              |
| Advisory Contact   | Packet Storm (advisories@packetstormsecurity.com)       |
| Researcher         | Name Withheld                                           |
+--------------------+---------------------------------------------------------+
| System Affected    | Oracle Java                                             |
| Versions Affected  | Prior to 7u25                                           |
| Vendor Patched     | 2013/06/18                                              |
| Classification     | 0-day                                                   |
+--------------------+---------------------------------------------------------+

+----------+
| OVERVIEW |
+----------+

The release of this advisory provides exploitation details in relation to a
known patched vulnerability in Oracle Java. These details were obtained
through the Packet Storm Bug Bounty program and are being released to the
community.

+------------------------------------------------------------------------------+

+---------+
| DETAILS |
+---------+

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25
is vulnerable to a signed integer overflow that allows bypassing of
"dataBitOffset" boundary checks. This vulnerability allows for remote code
execution. User interaction is required for this exploit in that the target
must visit a malicious page or open a malicious file.
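
The bug class described above, shown as an added example that is not part of
the original advisory and is not the JDK's BytePackedRaster source: a bounds
check computed in 32-bit signed arithmetic next to an overflow-safe version.
Only "dataBitOffset" is named in the advisory; the class, method and other
parameter names and the sample values are assumptions made for illustration.

```java
// Added illustration of a signed-overflow bounds-check bypass and its fix.
// Simplified model; NOT the JDK's BytePackedRaster.verify() implementation.
public class BitOffsetCheck {

    // Flawed pattern: the index of the last addressed bit is computed with
    // plain int arithmetic. A very large dataBitOffset makes the sum wrap to
    // a negative number, which then compares as "inside the buffer".
    static boolean naiveVerify(int dataBitOffset, int width, int bitsPerPixel,
                               int dataLenBytes) {
        if (dataBitOffset < 0 || width <= 0 || bitsPerPixel <= 0) return false;
        int lastBit = dataBitOffset + width * bitsPerPixel - 1; // may wrap
        return lastBit / 8 < dataLenBytes;
    }

    // Hardened pattern: Math.multiplyExact / Math.addExact throw
    // ArithmeticException on overflow, so a wrapped value is never compared.
    static boolean safeVerify(int dataBitOffset, int width, int bitsPerPixel,
                              int dataLenBytes) {
        if (dataBitOffset < 0 || width <= 0 || bitsPerPixel <= 0) return false;
        try {
            int rowBits = Math.multiplyExact(width, bitsPerPixel);
            int lastBit = Math.addExact(dataBitOffset, rowBits - 1);
            return lastBit / 8 < dataLenBytes;
        } catch (ArithmeticException overflow) {
            return false; // reject instead of trusting a wrapped index
        }
    }

    public static void main(String[] args) {
        int dataLenBytes = 16; // constructed sample: a 128-bit backing array
        int[][] cases = {      // {dataBitOffset, width, bitsPerPixel}
            {0, 128, 1},                     // fits exactly
            {8, 128, 1},                     // runs one byte past the end
            {Integer.MAX_VALUE - 7, 64, 1},  // sum exceeds Integer.MAX_VALUE
        };
        for (int[] c : cases) {
            System.out.printf("offset=%d width=%d naive=%b safe=%b%n",
                c[0], c[1],
                naiveVerify(c[0], c[1], c[2], dataLenBytes),
                safeVerify(c[0], c[1], c[2], dataLenBytes));
        }
    }
}
```

The two checks agree on the first two inputs and differ only on the third,
where the unchecked sum wraps negative.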

+------------------------------------------------------------------------------+

+------------------+
| PROOF OF CONCEPT |
+------------------+

The full exploit code that pops calc.exe is available here:
http://packetstormsecurity.com/files/122865/

+------------------------------------------------------------------------------+

+---------------+
| RELATED LINKS |
+---------------+

http://www.oracle.com/technetwork/java/javase/7u25-relnotes-1955741.html

+------------------------------------------------------------------------------+


+----------------+
| SHAMELESS PLUG |
+----------------+

The Packet Storm Bug Bounty program gives researchers the ability to profit
from their discoveries. You can get paid thousands of dollars for one day
and zero day exploits. Get involved by contacting us at
getpaid@packetstormsecurity.com or visit the bug bounty page at:

http://packetstormsecurity.com/bugbounty/
