CVE-2010-0846

Severity

75%

Complexity

99%

Confidentiality

106%

Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).

Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 14 years ago

2010-04-01 16:30:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 12

1.6.0

Sun JRE 1.6.0 Update 13

1.6.0

Sun JRE 1.6.0 Update 14

1.6.0

Sun JRE 1.6.0 Update 15

1.6.0

Sun JRE 1.6.0 Update 16

1.6.0

Sun JRE 1.6.0 Update 17

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

Sun JDK 1.6.0

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 12

1.6.0

Sun JDK 1.6.0 Update 13

1.6.0

Sun JDK 1.6.0 Update 14

1.6.0

Sun JDK 1.6.0 Update 15

1.6.0

Sun JDK 1.6.0 Update 16

1.6.0

Sun JDK 1.6.0 Update 17

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update 13

1.5.0

Sun JDK 5.0 Update 14

1.5.0

Sun JDK 5.0 Update 15

1.5.0

Sun JDK 5.0 Update 16

1.5.0

Sun JDK 5.0 Update 17

1.5.0

Sun JDK 5.0 Update 18

1.5.0

Sun JDK 5.0 Update 19

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update 20

1.5.0

Sun JDK 5.0 Update 21

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

SDK 1.4.2

1.4.2

Sun SDK 1.4.2_1

1.4.2_1

SDK 1.4.2_02

1.4.2_02

Sun SDK 1.4.2_3

1.4.2_3

Sun SDK 1.4.2_4

1.4.2_4

Sun SDK 1.4.2_5

1.4.2_5

Sun SDK 1.4.2_6

1.4.2_6

Sun SDK 1.4.2_7

1.4.2_7

Sun SDK 1.4.2_8

1.4.2_8

Sun SDK 1.4.2_9

1.4.2_9

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

Sun SDK 1.4.2_16

1.4.2_16

Sun SDK1.4.2_17

1.4.2_17

Sun SDK1.4.2_18

1.4.2_18

Sun SDK 1.4.2_19

1.4.2_19

Sun SDK 1.4.2_20

1.4.2_20

Sun SDK 1.4.2_21

1.4.2_21

SDK 1.4.2_22

1.4.2_22

Sun SDK 1.4.2_23

1.4.2_23

Sun SDK 1.4.2_24

1.4.2_24

Sun SDK

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_17 (JRE 5.0 Update 17)

1.5.0

Sun JRE 1.5.0_18 (JRE 5.0 Update 18)

1.5.0

Sun JRE 1.5.0_19 (JRE 5.0 Update 19)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_20 (JRE 5.0 Update 20)

1.5.0

Sun JRE 1.5.0_21 (JRE 5.0 Update 21)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE 1.4.2_17

1.4.2_17

Sun JRE 1.4.2_18

1.4.2_18

Sun JRE 1.4.2_19

1.4.2_19

Sun JRE 1.4.2_20

1.4.2_20

Sun JRE 1.4.2_21

1.4.2_21

Sun JRE 1.4.2_22

1.4.2_22

Sun JRE 1.4.2_23

1.4.2_23

Sun JRE 1.4.2_24

1.4.2_24

Sun JRE

Sun JDK 1.3.0

1.3.0

Sun SDK 1.3.0_01

1.3.0_01

Sun SDK 1.3.0_02

1.3.0_02

Sun SDK 1.3.0_03

1.3.0_03

Sun SDK 1.3.0_04

1.3.0_04

Sun SDK 1.3.0_05

1.3.0_05

Sun JDK 1.3.1

1.3.1

Sun JDK 1.3.1_01

1.3.1_01

Sun JDK 1.3.1_01a

1.3.1_01a

Sun JDK 1.3.1_02

1.3.1_02

Sun JDK 1.3.1_03

1.3.1_03

Sun JDK 1.3.1_04

1.3.1_04

Sun JDK 1.3.1_05

1.3.1_05

Sun JDK 1.3.1_06

1.3.1_06

Sun JDK 1.3.1_07

1.3.1_07

Sun JDK 1.3.1_08

1.3.1_08

Sun JDK 1.3.1_09

1.3.1_09

Sun JDK 1.3.1_10

1.3.1_10

Sun JDK 1.3.1_11

1.3.1_11

Sun JDK 1.3.1_12

1.3.1_12

Sun JDK 1.3.1_13

1.3.1_13

Sun JDK 1.3.1_14

1.3.1_14

Sun JDK 1.3.1_15

1.3.1_15

Sun JDK 1.3.1_16

1.3.1_16

Sun JDK 1.3.1_17

1.3.1_17

Sun JDK 1.3.1_18

1.3.1_18

Sun JDK 1.3.1_19

1.3.1_19

Sun JDK 1.3.1_20

1.3.1_20

Sun JDK 1.3.1_21

1.3.1_21

Sun JDK 1.3.1_22

1.3.1_22

Sun JDK 1.3.1_23

1.3.1_23

Sun JDK 1.3.1_24

1.3.1_24

Sun JDK 1.3.1_25

1.3.1_25

Sun JDK 1.3.1_26

1.3.1_26

Sun JDK

Sun J2RE 1.3.0

1.3.0

Sun J2RE 1.3.0_01

1.3.0

Sun J2RE 1.3.0_02

1.3.0

Sun J2RE 1.3.0_03

1.3.0

Sun J2RE 1.3.0_04

1.3.0

Sun J2RE 1.3.0_05

1.3.0

Sun J2RE 1.3.1

1.3.1

Sun JRE 1.3.1_01

1.3.1

Sun JRE 1.3.1_2

1.3.1

Sun JRE 1.3.1_2

1.3.1_2

Sun JRE 1.3.1_03

1.3.1_03

Sun JRE 1.3.1_04

1.3.1_04

Sun JRE 1.3.1_05

1.3.1_05

Sun JRE 1.3.1_06

1.3.1_06

Sun JRE 1.3.1_07

1.3.1_07

Sun JRE 1.3.1_08

1.3.1_08

Sun JRE 1.3.1_09

1.3.1_09

Sun JRE 1.3.1_10

1.3.1_10

Sun JRE 1.3.1_11

1.3.1_11

Sun JRE 1.3.1_12

1.3.1_12

Sun JRE 1.3.1_13

1.3.1_13

Sun JRE 1.3.1_14

1.3.1_14

Sun JRE 1.3.1_15

1.3.1_15

Sun JRE 1.3.1_16

1.3.1_16

Sun JRE 1.3.1_17

1.3.1_17

Sun JRE 1.3.1_18

1.3.1_18

Sun JRE 1.3.1_19

1.3.1_19

Sun JRE 1.3.1_20

1.3.1_20

Sun JRE 1.3.1_21

1.3.1_21

Sun JRE 1.3.1_22

1.3.1_22

Sun JRE 1.3.1_23

1.3.1_23

Sun JRE 1.3.1_24

1.3.1_24

Sun JRE 1.3.1_25

1.3.1_25

Sun JRE 1.3.1_26

1.3.1_26

Sun SDK 1.3.0

1.3.0

Sun SDK 1.3.0_01

1.3.0_01

Sun SDK 1.3.0_02

1.3.0_02

Sun SDK 1.3.0_03

1.3.0_03

Sun SDK 1.3.0_04

1.3.0_04

Sun SDK 1.3.0_05

1.3.0_05

Sun SDK 1.3.1

1.3.1

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_02

1.3.1_02

Sun SDK 1.3.1_03

1.3.1_03

Sun SDK 1.3.1_04

1.3.1_04

Sun SDK 1.3.1_05

1.3.1_05

Sun SDK 1.3.1_06

1.3.1_06

Sun SDK 1.3.1_07

1.3.1_07

Sun SDK 1.3.1_08

1.3.1_08

Sun SDK 1.3.1_09

1.3.1_09

Sun SDK 1.3.1_10

1.3.1_10

Sun SDK 1.3.1_11

1.3.1_11

Sun SDK 1.3.1_12

1.3.1_12

Sun SDK 1.3.1_13

1.3.1_13

Sun SDK 1.3.1_14

1.3.1_14

Sun SDK 1.3.1_15

1.3.1_15

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_17

1.3.1_17

Sun SDK 1.3.1_18

1.3.1_18

Sun SDK 1.3.1_19

1.3.1_19

Sun SDK 1.3.1_20

1.3.1_20

Sun SDK 1.3.1_21

1.3.1_21

Sun SDK 1.3.1_22

1.3.1_22

Sun SDK 1.3.1_23

1.3.1_23

Sun SDK 1.3.1_24

1.3.1_24

Sun SDK 1.3.1_25

1.3.1_25

Sun SDK 1.3.1_26

1.3.1_26

References

SSRT100179

APPLE-SA-2010-05-18-1

APPLE-SA-2010-05-18-2

SUSE-SR:2010:008

SUSE-SR:2010:017

SSRT100089

HPSBMU02799

39317

Vendor Advisory

39659

Vendor Advisory

39819

Vendor Advisory

40211

Vendor Advisory

40545

Vendor Advisory

43308

Vendor Advisory

http://support.apple.com/kb/HT4170

http://support.apple.com/kb/HT4171

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

RHSA-2010:0337

RHSA-2010:0338

RHSA-2010:0383

RHSA-2010:0471

RHSA-2010:0489

20100405 ZDI-10-059: Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

39062

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

ADV-2010-1191

Vendor Advisory

ADV-2010-1454

Vendor Advisory

ADV-2010-1523

Vendor Advisory

ADV-2010-1793

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-10-059

oval:org.mitre.oval:def:14503

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.