Vulnerability Note VU#388289
Sun Microsystems Java GIF image processing buffer overflow
A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system.
The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operating systems. When a GIF image with a specified width of 0 is processed, the Sun JRE will overwrite memory contents, which can cause pointer corruption.
Note that exploit code for this vulnerability is publicly available.
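A defensive pre-filter for the condition described above, added here as an illustration and not part of the original note or of any Sun code: it walks a GIF's block structure and reports any declared width of 0 so the file can be rejected before it reaches an image decoder. The note does not say which width field is involved, so checking both the logical screen descriptor and every image descriptor is an assumption; `zero_width_findings` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Advance past length-prefixed sub-blocks up to the 0-length terminator."""
    while pos < len(data):
        size = data[pos]
        pos += 1
        if size == 0:
            return pos
        pos += size
    raise ValueError("truncated sub-block chain")

def zero_width_findings(data):
    """Return one finding per zero-width field declared in a GIF byte string."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    findings = []
    width, _height, packed = struct.unpack_from("<HHB", data, 6)
    if width == 0:
        findings.append("logical screen width is 0")
    pos = 13
    if packed & 0x80:                        # global color table present
        pos += 3 * (2 << (packed & 0x07))
    frame = 0
    while pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:                    # trailer: end of stream
            break
        if block == 0x21:                    # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                  # image descriptor (9 bytes follow)
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            _l, _t, w, _h, ipacked = struct.unpack_from("<HHHHB", data, pos)
            if w == 0:
                findings.append(f"frame {frame}: image width is 0")
            pos += 9
            if ipacked & 0x80:               # local color table present
                pos += 3 * (2 << (ipacked & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW min code size
            frame += 1
        else:
            raise ValueError(f"unknown block type 0x{block:02x}")
    return findings

def build_sample(frame_width):
    """Constructed one-frame GIF whose image descriptor declares frame_width."""
    return (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, frame_width, 1, 0)
            + b"\x02\x02\x44\x01\x00" + b"\x3b")
```

Treat a `ValueError` from the parser as a reason to reject the file as well, since a stream that cannot be walked cannot be shown to be free of zero-width frames.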
A remote unauthenticated attacker may be able to execute arbitrary code.
Apply an update
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Sun Microsystems, Inc.|Affected|-|17 Jan 2007|
|Apple Computer, Inc.|Unknown|18 Jan 2007|18 Jan 2007|
|IBM eServer|Unknown|-|13 Feb 2007|
Thanks to ZDI, who in turn credit an anonymous researcher, for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CVE-2007-0243
- Date Public: 16 Jan 2007
- Date First Published: 17 Jan 2007
- Date Last Updated: 16 May 2007
- Severity Metric: 31.47
- Document Revision: 23