HP-UX: CVE-2010-3559: Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.
|10||(AV:N/AC:L/Au:N/C:C/I:C/A:C)||October 19, 2010||August 11, 2017||September 12, 2017|
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
- SUSE Linux Security Advisory: SUSE-SR:2010:019
- RHSA-2010:0770: java-1.6.0-sun security update
- RHSA-2010:0807: java-1.5.0-ibm security update
- RHSA-2010:0873: java-1.5.0-ibm security update
- SUSE Linux Security Vulnerability: CVE-2010-3559
- Java CPU October 2010 Sound vulnerability (CVE-2010-3559)
- VMSA-2011-0003: vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 (CVE-2010-3559)
- SUSE Linux Security Advisory: SUSE-SA:2011:006
- Gentoo Linux: CVE-2010-3559: Oracle JRE/JDK: Multiple vulnerabilities
- VMSA-2011-0013: vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 (CVE-2010-3559)