CVE-2010-3559
Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
257Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Vulnerabilidad sin especificar en el componente Sound en Oracle Java SE y Java for Business 6 Update 21, v5.0 Update 25, v1.4.2_27 y v 1.3.1_28 permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the support for processing SoundBank files. While parsing BANK records, the HeadspaceSoundbank.nGetName function improperly sign-extends the one byte value into 4 bytes. It is later used as the size to a memcpy when operating on the BANK record's data. An attacker can abuse this to execute arbitrary code under the context of the user running the web browser.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-09-20 CVE Reserved
- 2010-10-12 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/41967 | Third Party Advisory | |
| http://secunia.com/advisories/42974 | Third Party Advisory | |
| http://support.avaya.com/css/P8/documents/100114315 | X_refsource_confirm | |
| http://support.avaya.com/css/P8/documents/100123193 | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/516397/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/44026 | Vdb Entry | |
| http://www.vmware.com/security/advisories/VMSA-2011-0003.html | X_refsource_confirm | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-208 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitr... | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/javacpuoct... | 2018-10-30 |