Oracle Java XGetSamplePtrFromSnd Memory Corruption (CVE-2010-4462)
| Check Point Reference: | CPAI-2011-329 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory SA43262 | |
| Industry Reference(s): | CVE-2010-4462 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Oracle Java for Business JDK and JRE 5.0 Update 27 and prior Oracle Java for Business JDK and JRE 6 Update 23 and prior Oracle Java for Business SDK and JRE 1.4.2_29 and prior Oracle Java SE JDK 5.0 Update 27 and prior Oracle Java SE JDK and JRE 6 Update 23 and prior Oracle Java SE SDK 1.4.2_29 and prior | ||
| Vulnerability Description A memory corruption vulnerability has been reported in Oracle JRE and JDK. The vulnerability is triggered when Java processes malicious Soundbank streams. Successful exploitation could result in execution of arbitrary code within the security context of the current user. |
||
|
Vulnerability Details This is a memory corruption vulnerability in Oracle JRE and JDK. The vulnerability is due to an input validation error within the XGetSamplePtrFromSnd function while processing user supplied Soundbank streams. |
Protection Overview
This protection detects and blocks the transfer of malformed Rich Music Format(RMF) files over HTTP.
To configure the defense, select your product from the list below and follow the related protection steps.