// For flags

CVE-2010-0838

Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.

Vulnerabilidad no especificada en el componente Java 2D en Oracle Java SE y Java for Business 6 Update 18, 5.0, Update y 23 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Marzo 2010. Oracle no ha comentado sobre alegaciones de un investigador confiable de que esto es un desbordamiento de búfer basado en pila utilizando un valor de tamaño no confiable en la función readMabCurveData en el módulo CMM en JVM.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists within the CMM module of the Sun JVM. This module contains a function readMabCurveData. An applet can indirectly call this function and provide it with a malicious curv object. The function trusts the size of the curv element implicitly and copies the data into a fixed-length stack buffer. Exploitation of this issue can lead to arbitrary code execution under the context of the user invoking the applet.

*Credits: Stephen Fewer of Harmony Security (www.harmonysecurity.com)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-03-03 CVE Reserved
  • 2010-04-01 CVE Published
  • 2010-09-20 First Exploit
  • 2024-05-19 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (40)
URL Tag Source
http://support.apple.com/kb/HT4170 X_refsource_confirm
http://support.apple.com/kb/HT4171 X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html X_refsource_confirm
http://www.securityfocus.com/archive/1/510534/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/516397/100/0/threaded Mailing List
http://www.securityfocus.com/bid/39069 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html X_refsource_confirm
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html X_refsource_confirm
http://www.zerodayinitiative.com/advisories/ZDI-10-061 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/57346 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10482 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13923 Signature
URL Date SRC
https://www.exploit-db.com/exploits/15056 2010-09-20
URL Date SRC
URL Date SRC
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 2018-10-10
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html 2018-10-10
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html 2018-10-10
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html 2018-10-10
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html 2018-10-10
http://marc.info/?l=bugtraq&m=127557596201693&w=2 2018-10-10
http://marc.info/?l=bugtraq&m=134254866602253&w=2 2018-10-10
http://secunia.com/advisories/39292 2018-10-10
http://secunia.com/advisories/39317 2018-10-10
http://secunia.com/advisories/39659 2018-10-10
http://secunia.com/advisories/39819 2018-10-10
http://secunia.com/advisories/40545 2018-10-10
http://secunia.com/advisories/43308 2018-10-10
http://ubuntu.com/usn/usn-923-1 2018-10-10
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 2018-10-10
http://www.redhat.com/support/errata/RHSA-2010-0337.html 2018-10-10
http://www.redhat.com/support/errata/RHSA-2010-0338.html 2018-10-10
http://www.redhat.com/support/errata/RHSA-2010-0339.html 2018-10-10
http://www.redhat.com/support/errata/RHSA-2010-0383.html 2018-10-10
http://www.redhat.com/support/errata/RHSA-2010-0471.html 2018-10-10
http://www.vupen.com/english/advisories/2010/1107 2018-10-10
http://www.vupen.com/english/advisories/2010/1191 2018-10-10
http://www.vupen.com/english/advisories/2010/1454 2018-10-10
http://www.vupen.com/english/advisories/2010/1793 2018-10-10
https://access.redhat.com/security/cve/CVE-2010-0838 2010-06-14
https://bugzilla.redhat.com/show_bug.cgi?id=575808 2010-06-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 1.6.0
Search vendor "Sun" for product "Jre" and version " <= 1.6.0"
update_18
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_1
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_10
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_11
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_12
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_13
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_14
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_15
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_16
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_17
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_2
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_3
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_4
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_5
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_6
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_7
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 <= 1.6.0
Search vendor "Sun" for product "Jdk" and version " <= 1.6.0"
update_18
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
-
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_10
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_11
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_12
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_13
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_14
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_15
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_16
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_17
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_3
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_4
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_5
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_6
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_7
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update1
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update1_b06
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update2
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 <= 1.5.0
Search vendor "Sun" for product "Jdk" and version " <= 1.5.0"
update23
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
-
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update1
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update10
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update11
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update12
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update13
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update14
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update15
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update16
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update17
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update18
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update19
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update2
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update20
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update21
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update3
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update4
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update5
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update6
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update7
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update8
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update9
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 1.5.0
Search vendor "Sun" for product "Jre" and version " <= 1.5.0"
update23
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update1
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update10
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update11
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update12
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update13
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update14
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update15
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update16
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update17
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update18
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update19
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update2
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update20
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update21
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update3
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update4
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update5
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update6
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update7
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update8
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update9
Affected