Vulnerability CVE-2007-0243 - CERT Civis.Net

Vulnerability Name:

CVE-2007-0243 (CCN-31537)

Assigned:

2007-01-16

Published:

2007-01-16

Updated:

2018-10-30

Summary:

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-0243

Source: BEA
Type: UNKNOWN
BEA07-172.00

Source: CCN
Type: Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4

Source: MISC
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307177

Source: HP
Type: UNKNOWN
HPSBUX02196

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-14

Source: OSVDB
Type: UNKNOWN
32834

Source: CCN
Type: RHSA-2007-0072
Critical: IBMJava2 security update

Source: CCN
Type: RHSA-2007-0166
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2007-0167
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2007-0956
Moderate: java-1.5.0-bea security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: SA23757
Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
23757

Source: SECUNIA
Type: UNKNOWN
24189

Source: SECUNIA
Type: UNKNOWN
24202

Source: SECUNIA
Type: UNKNOWN
24468

Source: SECUNIA
Type: UNKNOWN
24993

Source: CCN
Type: SA25283
BEA JRockit Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25283

Source: SECUNIA
Type: UNKNOWN
26049

Source: SECUNIA
Type: UNKNOWN
26119

Source: SECUNIA
Type: UNKNOWN
26645

Source: SECUNIA
Type: UNKNOWN
27203

Source: CCN
Type: SA28115
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28115

Source: GENTOO
Type: UNKNOWN
GLSA-200702-08

Source: SREASON
Type: UNKNOWN
2158

Source: CCN
Type: SECTRACK ID: 1017520
Java Runtime Environment GIF Image Buffer Overflow Lets Remote Applets Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1017520

Source: SUNALERT
Type: Patch
102760

Source: CCN
Type: ASA-2007-027
Security Vulnerability in Processing GIF Images in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Privileges (Sun 102760)

Source: CCN
Type: ASA-2007-119
HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code (HPSBUX02196)

Source: CCN
Type: ASA-2007-187
java-1.4.2-ibm and java-1.5.0-ibm security updates (RHSA-2007-166 and RHSA-2007-0167)

Source: CCN
Type: ASA-2007-465
java-1.5.0-bea security update (RHSA-2007-0956)

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html

Source: CCN
Type: GLSA-200702-07
Sun JDK/JRE: Execution of arbitrary code

Source: GENTOO
Type: UNKNOWN
GLSA-200702-07

Source: CCN
Type: GLSA-200702-08
AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS07-018
Buffer Overflow Vulnerability of Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java(TM)

Source: CCN
Type: US-CERT VU#388289
Sun Microsystems Java GIF image processing buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#388289

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:045

Source: CCN
Type: OSVDB ID: 32834
Sun Java JRE / SDK GIF Processing Memory Corruption

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0166

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0167

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0956

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261

Source: BUGTRAQ
Type: UNKNOWN
20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit

Source: BID
Type: UNKNOWN
22085

Source: CCN
Type: BID-22085
Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability

Source: CCN
Type: Sun Alert ID: 102760
Security Vulnerability in Processing GIF Images in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Privileges

Source: CCN
Type: TLSA-2007-8
Heap Overflow

Source: CERT
Type: US Government Resource
TA07-022A

Source: VUPEN
Type: UNKNOWN
ADV-2007-0211

Source: VUPEN
Type: UNKNOWN
ADV-2007-0936

Source: VUPEN
Type: UNKNOWN
ADV-2007-1814

Source: VUPEN
Type: UNKNOWN
ADV-2007-4224

Source: MISC
Type: Patch, Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html

Source: XF
Type: UNKNOWN
jre-gif-bo(31537)

Source: XF
Type: UNKNOWN
jre-gif-bo(31537)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11073

Source: CCN
Type: BEA07-172.00
Buffer Overflow in processing GIF images

Source: SUSE
Type: SUSE-SA:2007:045
IBM and Sun Java security problems

Source: CCN
Type: ZDI-07-005
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update9:*:*:*:*:*:* (Version <= 1.5.0)

OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:*:update18:*:*:*:*:*:* (Version <= 1.3.1)

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update17:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20070243	V	CVE-2007-0243	2015-11-16
oval:org.mitre.oval:def:21854	P	ELSA-2007:0167: java-1.5.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22470	P	ELSA-2007:0166: java-1.4.2-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22641	P	ELSA-2007:0956: java-1.5.0-bea security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:11073	V	Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.	2010-09-06
oval:com.redhat.rhsa:def:20070167	P	RHSA-2007:0167: java-1.5.0-ibm security update (Critical)	2008-03-20
oval:com.redhat.rhsa:def:20070956	P	RHSA-2007:0956: java-1.5.0-bea security update (Moderate)	2007-11-29
oval:com.redhat.rhsa:def:20070166	P	RHSA-2007:0166: java-1.4.2-ibm security update (Critical)	2007-04-25