Vulnerability Note VU#138545

Java Runtime Environment Image Parsing Code buffer overflow vulnerability

Original Release date: 06 Jun 2007 | Last revised: 16 Jul 2007

Overview

The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files.

Description

The Java Runtime Environment (JRE) is a group of software packages from Sun Microsystems that allow a computer to access and use Java applications. Sun distributes a JRE plug-in for web browsers that allows websites to include Java applications that can execute in the user's web browser. The JRE is part of the Java Development Kit (JDK).

The International Color Consortium (ICC) supports cross-platform color management systems. One of these systems is the ICC profile format.

There is a buffer overflow vulnerability in the Java Runtime Environment. From Sun Alert 102934:

    A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

The image parsers that come with the Java Development Kit (JDK) support embedded ICC profiles. The ICC parser that comes with the Sun JRE uses native code that contains the buffer overflow. More information is available in Chris Evans' security advisory CESA-2006-004.

Note that an attacker may be able to exploit this vulnerability by convincing a user to open a website that hosts a specially crafted Java applet.

Impact

A remote, unauthenticated attacker may be able to read or write files and execute code with the privileges of the user who is running the JRE.

Solution

Update

Sun has provided an update to address this issue. Users are encouraged to update to JRE 6 Update 1 or JRE 5.0 Update 11. Administrators should see Sun Alert 102934 for a full list of affected products and fixed software.

The Java Test Page can be used to determine what version of the Java JRE is currently installed. To adjust the JRE update settings, see the update section of the Java deployment guide.
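For checking many hosts without the browser test page, the version line printed by `java -version` can be compared against the fixed releases named above. The following is an added example, not code from Sun or CERT; the function name and status labels are hypothetical, and it relies on JRE 6 Update 1 reporting itself as 1.6.0_01 and JRE 5.0 Update 11 as 1.5.0_11. Families other than 5.0 and 6 are referred to Sun Alert 102934 rather than judged.

```python
import re

# Fixed releases named in this note, keyed by version family.
# JRE 6 Update 1 reports 1.6.0_01; JRE 5.0 Update 11 reports 1.5.0_11.
FIXED_UPDATE = {
    (1, 6, 0): 1,
    (1, 5, 0): 11,
}

# Version line of `java -version`, e.g.: java version "1.5.0_10-b03"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-[\w.]+)?"')


def classify_jre(version_output):
    """Classify the text printed by `java -version`.

    Returns (status, version) where version is (major, minor, micro, update)
    or None, and status is one of:
      "update-needed"  5.0 or 6 family, below the fixed update
      "fixed"          5.0 or 6 family, at or above the fixed update
      "see-sun-alert"  family not covered by this note
      "unparseable"    no version string found
    """
    match = VERSION_RE.search(version_output)
    if match is None:
        return ("unparseable", None)
    major, minor, micro, update = match.groups()
    family = (int(major), int(minor), int(micro))
    # A bare "1.6.0" has no update suffix: treat it as update 0.
    update = int(update) if update is not None else 0
    version = family + (update,)
    if family not in FIXED_UPDATE:
        return ("see-sun-alert", version)
    if update >= FIXED_UPDATE[family]:
        return ("fixed", version)
    return ("update-needed", version)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real hosts.
    samples = [
        'java version "1.5.0_10"\nJava(TM) 2 Runtime Environment',
        'java version "1.6.0_01-b06"',
        'java version "1.4.2_13"',
    ]
    for text in samples:
        print(classify_jre(text))
```

`java -version` writes to standard error, so capture that stream when collecting input for this check.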


Disable the JRE browser plug-in

Disabling the JRE browser plug-in may mitigate most web-based attacks against this vulnerability. See the Securing Your Web Browser document for more information on how to disable Java in your browser.

Systems Affected

Vendor                  Status    Date Notified  Date Updated
Sun Microsystems, Inc.  Affected  -              06 Jun 2007

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to Sun for information that was used in this report. Sun thanks Chris Evans for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2007-2788
  • Date Public: 04 Jun 2007
  • Date First Published: 06 Jun 2007
  • Date Last Updated: 16 Jul 2007
  • Severity Metric: 12.39
  • Document Revision: 17
