CVE-2007-0243
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
Desbordamiento de búfer en el Sun JDK y el Java Runtime Environment (JRE) 5.0 Actualizada a la 9 y anteriores, SDK y JRE 1.4.2_12 y anteriores y SDK y JRE 1.3.1_18 y anteriores permite a los applets obtener privilegios mediante una imagen GIF con un bloque con un campo de longitud 0, el cual dispara una corrupción de memoria.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java Virtual Machine (JVM). User interaction is required to exploit this vulnerability in that the target must visit a malicious website.
The specific flaw exists during the parsing of GIF image components. When the image width in an image block of a valid GIF file is set to 0, the Java runtime will allocate the specified size but subsequently copy all data to the under allocated memory chunk. The overflow results in the corruption of multiple pointers, at least one of which is later dereferenced and can therefore result in execution of arbitrary code.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-01-16 CVE Reserved
- 2007-01-16 CVE Published
- 2007-01-21 First Exploit
- 2024-06-11 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (43)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3168 | 2007-01-21 |
| URL | Date | SRC |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1 | 2018-10-30 | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-005.html | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | <= 1.5.0 Search vendor "Sun" for product "Jdk" and version " <= 1.5.0" | update9 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0" | update3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0" | update4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0" | update5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0" | update7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.5.0 Search vendor "Sun" for product "Jdk" and version "1.5.0" | update8 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 1.3.1 Search vendor "Sun" for product "Jre" and version " <= 1.3.1" | update18 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.3.1 Search vendor "Sun" for product "Jre" and version "1.3.1" | update16 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_1 Search vendor "Sun" for product "Jre" and version "1.4.2_1" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_2 Search vendor "Sun" for product "Jre" and version "1.4.2_2" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_3 Search vendor "Sun" for product "Jre" and version "1.4.2_3" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_4 Search vendor "Sun" for product "Jre" and version "1.4.2_4" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_5 Search vendor "Sun" for product "Jre" and version "1.4.2_5" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_6 Search vendor "Sun" for product "Jre" and version "1.4.2_6" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_7 Search vendor "Sun" for product "Jre" and version "1.4.2_7" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_8 Search vendor "Sun" for product "Jre" and version "1.4.2_8" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_9 Search vendor "Sun" for product "Jre" and version "1.4.2_9" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_10 Search vendor "Sun" for product "Jre" and version "1.4.2_10" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_11 Search vendor "Sun" for product "Jre" and version "1.4.2_11" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_12 Search vendor "Sun" for product "Jre" and version "1.4.2_12" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update8 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0" | update9 |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.3.1_01 Search vendor "Sun" for product "Sdk" and version "1.3.1_01" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.3.1_01a Search vendor "Sun" for product "Sdk" and version "1.3.1_01a" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.3.1_16 Search vendor "Sun" for product "Sdk" and version "1.3.1_16" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.3.1_18 Search vendor "Sun" for product "Sdk" and version "1.3.1_18" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2 Search vendor "Sun" for product "Sdk" and version "1.4.2" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_03 Search vendor "Sun" for product "Sdk" and version "1.4.2_03" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_08 Search vendor "Sun" for product "Sdk" and version "1.4.2_08" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_09 Search vendor "Sun" for product "Sdk" and version "1.4.2_09" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_10 Search vendor "Sun" for product "Sdk" and version "1.4.2_10" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_12 Search vendor "Sun" for product "Sdk" and version "1.4.2_12" | - |
Affected
| ||||||