exploit the possibilities
Showing 1 - 3 of 3 RSS Feed

CVE-2010-0842

Status Candidate

Overview

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.

Related Files

Java MixerSequencer Object GM_Song Structure Handling
Posted Feb 17, 2012
Authored by Peter Vreugdenhil, juan vazquez | Site metasploit.com

This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.

tags | exploit, java, shellcode
advisories | CVE-2010-0842, OSVDB-63493
SHA-256 | 4bfc86d5bc0fc319751b4a58608edff9318f0cb3cc5c83f4040fa6a97b6f8907
HP Security Bulletin HPSBUX02524 SSRT100089
Posted Jun 4, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
advisories | CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842
SHA-256 | 92e32764f76392e6f3bf3990c8c3fac47222d7eb3506bb89b4695a699cb20181
Zero Day Initiative Advisory 10-060
Posted Apr 6, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-060 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the handling of MixerSequencer objects. When this object is used to play a MIDI file, the GM_Song structure is populated with song data. In particular, it stores a integer value from the file and uses it later as an index into an array of function pointers. If this value is over 128 the process can be made to call a pointer outside the array. This can be leveraged to execute arbitrary code under the context of the user running the applet.

tags | advisory, java, remote, arbitrary
advisories | CVE-2010-0842
SHA-256 | 3ad78cc81ac910e99d4b6df48462459c39cba0cee045bb5cf2dd4813cbbe3da3
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close