Release Date: Apr 22, 2010
Severity: high
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Oracle Java. The vulnerability is caused by an error when the vulnerable software handles a malicious soundbank file. It allows a remote attacker to execute arbitrary code by sending a crafted .jar file.
Affected Products: Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27
Recommended Actions: Upgrade to the latest version. Please refer to the vendor's web site: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2010-0839
References: http://www.securityfocus.com/bid/39070 (BugTraq)