HTTP: Sun Java Runtime Environment Type1 Font Parsing Integer Overflow Vulnerability
This signature detects known flaw in the Sun Java Runtime Environment software. It is due to signedness error while parsing certain Type1 font files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted HTML file. Successful exploitation may lead to arbitrary code execution on the target. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the logged in user. In an attack case where code injection is not successful, the affected process will terminate abnormally.
Extended Description
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers. These issues affect versions *prior to* the following: JDK and JRE 6 Update 13 JDK and JRE 5.0 Update 18 SDK and JRE 1.4.2_20 SDK and JRE 1.3.1_25
Affected Products
Nortel_networks self-service_speech_server,Red_hat enterprise_linux_supplementary_eus
Short Name
HTTP:STC:JAVA:TYPE1-FONT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-1099 Environment Font Integer Java Overflow Parsing Runtime Sun Type1 Vulnerability bid:34240
Release Date
12/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Red_hat
Suse
Apple
Gentoo
Sun
Hp
Avaya
Mandriva
Pardus
Ubuntu
Oracle
Nortel_networks
Debian
Vmware
CVSS Score
7.5