CVE-2006-6731

Severity

93%

Complexity

86%

Confidentiality

165%

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 18 years ago

2006-12-26 23:28:00

Last updated 5 years ago

2019-10-09 22:51:00

Affected Software

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JRE 1.3.1

1.3.1

Sun JRE 1.3.1_2

1.3.1_2

Sun JRE 1.3.1_03

1.3.1_03

Sun JRE 1.3.1_04

1.3.1_04

Sun JRE 1.3.1_05

1.3.1_05

Sun JRE 1.3.1_06

1.3.1_06

Sun JRE 1.3.1_07

1.3.1_07

Sun JRE 1.3.1_08

1.3.1_08

Sun JRE 1.3.1_09

1.3.1_09

Sun JRE 1.3.1_10

1.3.1_10

Sun JRE 1.3.1_11

1.3.1_11

Sun JRE 1.3.1_12

1.3.1_12

Sun JRE 1.3.1_13

1.3.1_13

Sun JRE 1.3.1_14

1.3.1_14

Sun JRE 1.3.1_15

1.3.1_15

Sun JRE 1.3.1_16

1.3.1_16

Sun JRE 1.3.1_17

1.3.1_17

Sun JRE 1.3.1_18

1.3.1_18

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun SDK 1.3.1

1.3.1

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_02

1.3.1_02

Sun SDK 1.3.1_03

1.3.1_03

Sun SDK 1.3.1_04

1.3.1_04

Sun SDK 1.3.1_05

1.3.1_05

Sun SDK 1.3.1_06

1.3.1_06

Sun SDK 1.3.1_07

1.3.1_07

Sun SDK 1.3.1_08

1.3.1_08

Sun SDK 1.3.1_09

1.3.1_09

Sun SDK 1.3.1_10

1.3.1_10

Sun SDK 1.3.1_11

1.3.1_11

Sun SDK 1.3.1_12

1.3.1_12

Sun SDK 1.3.1_13

1.3.1_13

Sun SDK 1.3.1_14

1.3.1_14

Sun SDK 1.3.1_15

1.3.1_15

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_17

1.3.1_17

Sun SDK 1.3.1_18

1.3.1_18

SDK 1.4.2

1.4.2

Sun SDK 1.4.2_1

1.4.2_1

Sun SDK 1.4.2_2

1.4.2_2

Sun SDK 1.4.2_3

1.4.2_3

Sun SDK 1.4.2_4

1.4.2_4

Sun SDK 1.4.2_5

1.4.2_5

Sun SDK 1.4.2_6

1.4.2_6

Sun SDK 1.4.2_7

1.4.2_7

Sun SDK 1.4.2_8

1.4.2_8

Sun SDK 1.4.2_9

1.4.2_9

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

References

BEA07-174.00

Third Party Advisory

http://docs.info.apple.com/article.html?artnum=307177

Third Party Advisory

HPSBUX02196

Third Party Advisory

APPLE-SA-2007-12-14

Mailing List, Third Party Advisory

SUSE-SA:2007:003

Mailing List, Third Party Advisory

http://scary.beasts.org/security/CESA-2005-008.txt

Third Party Advisory

23445

Third Party Advisory

23650

Third Party Advisory

23835

Third Party Advisory

24099

Third Party Advisory

24189

Third Party Advisory

24468

Third Party Advisory

25283

Third Party Advisory

25404

Third Party Advisory

28115

Third Party Advisory

GLSA-200701-15

Third Party Advisory

GLSA-200702-08

Third Party Advisory

1017425

Third Party Advisory, VDB Entry

102729

Broken Link

GLSA-200705-20

Third Party Advisory

VU#149457

Third Party Advisory, US Government Resource

VU#939609

Third Party Advisory, US Government Resource

SUSE-SA:2007:010

Third Party Advisory

RHSA-2007:0062

Third Party Advisory

RHSA-2007:0072

Third Party Advisory

RHSA-2007:0073

Third Party Advisory, VDB Entry

21675

Patch, Third Party Advisory, VDB Entry

TA07-022A

Third Party Advisory, US Government Resource

ADV-2006-5073

Permissions Required

ADV-2007-0936

Permissions Required

ADV-2007-1814

Permissions Required

ADV-2007-4224

Permissions Required

oval:org.mitre.oval:def:10134

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.