HTTP: Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful attack can lead to arbitrary code execution.
Extended Description
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
Affected Products
Sun jre
Short Name
HTTP:STC:DL:MIXERSEQUENCER-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
'MixerSequencer' Business CVE-2010-0842 Code Execution Java Oracle Remote SE and bid:39077 for
Release Date
06/09/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Sun
CVSS Score
7.5