exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2010-3552

Status Candidate

Overview

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Related Files

Gentoo Linux Security Advisory 201111-02
Posted Nov 6, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201111-2 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impacts. Versions less than 1.6.0.29 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422
MD5 | 2d616c9d231ca438edbb520e0c93ad61
VMware Security Advisory 2011-0013
Posted Oct 28, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0013 - Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.

tags | advisory
advisories | CVE-2008-7270, CVE-2010-1321, CVE-2010-2054, CVE-2010-3170, CVE-2010-3173, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570
MD5 | 26552aa60a5c26e94447eff4439feea8
Bleeding Life 2 Exploit Pack
Posted Oct 24, 2011
Site blackhatacademy.org

Black Hat Academy has decided to go open source with the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java.

tags | exploit, java, web
systems | linux, windows
advisories | CVE-2008-2992, CVE-2010-1297, CVE-2010-2884, CVE-2010-0188, CVE-2010-0642, CVE-2010-3552
MD5 | df19be9e1d930def74baab341a3a5f08
HP Security Bulletin HPSBUX02608 SSRT100333
Posted Jan 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
advisories | CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574
MD5 | 8eece32cf8d4c7962e639b291a8349a0
Sun Java Runtime New Plugin docbase Buffer Overflow
Posted Oct 25, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the new plugin component of the Sun Java Runtime Environment before v6 Update 22. By specifying specific parameters to the new plugin, an attacker can cause a stack-based buffer overflow and execute arbitrary code. When the new plugin is invoked with a "launchjnlp" parameter, it will copy the contents of the "docbase" parameter to a stack-buffer using the "sprintf" function. A string of 396 bytes is enough to overflow the 256 byte stack buffer and overwrite some local variables as well as the saved return address. NOTE: The string being copied is first passed through the "WideCharToMultiByte". Due to this, only characters which have a valid localized multibyte representation are allowed. Invalid characters will be replaced with question marks ('?'). This vulnerability was originally discovered independently by both Stephen Fewer and Berend Jan Wever (SkyLined). Although exhaustive testing hasn't been done, all versions since version 6 Update 10 are believed to be affected by this vulnerability. This vulnerability was patched as part of the October 2010 Oracle Patch release.

tags | exploit, java, overflow, arbitrary, local
advisories | CVE-2010-3552
MD5 | a6f93012454e9ce1c3620cde6ac34d81
Zero Day Initiative Advisory 10-206
Posted Oct 13, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-206 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll responsible for handling the Java plugin within Internet Explorer. When an applet is embedded within a page, the code within this module parses out the docbase parameter and copies it into a fixed-length buffer located on the stack. An attacker can overflow this buffer and execute remote code under the context of the user running the browser.

tags | advisory, java, remote, overflow, arbitrary
advisories | CVE-2010-3552
MD5 | 2649f7ec76afe8bb94992d9d61bc6179
Page 1 of 1
Back1Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close