Available Exploits 

• Java MixerSequencer Object GM_Song Structure Handling Vulnerability

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.

References

• APPLE-APPLE-SA-2010-05-18-1
• APPLE-APPLE-SA-2010-05-18-2
• BID-39077
• CVE-2010-0842
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0027158
• IAVM-2011-A-0066
• OVAL-OVAL14101
• REDHAT-RHSA-2010:0337
• REDHAT-RHSA-2010:0338
• REDHAT-RHSA-2010:0383
• REDHAT-RHSA-2010:0471
• REDHAT-RHSA-2010:0489

Solution

Related Vulnerabilities

• VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0842)
• RHSA-2010:0489: java-1.5.0-ibm security update
• RHSA-2010:0574: java-1.4.2-ibm security update
• SUSE Linux Security Advisory: SUSE-SR:2010:017
• RHSA-2010:0338: java-1.5.0-sun security update
• RHSA-2010:0471: Red Hat Network Satellite Server IBM Java Runtime security update
• HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0842): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
• Gentoo Linux: CVE-2010-0842: Oracle JRE/JDK: Multiple vulnerabilities
• Java CPU March 2010 Sound vulnerability (CVE-2010-0842)
• SUSE Linux Security Advisory: SUSE-SR:2010:008
• Apple Java security update for CVE-2010-0842
• RHSA-2010:0337: java-1.6.0-sun security update
• RHSA-2010:0586: java-1.4.2-ibm-sap security update
• RHSA-2010:0383: java-1.6.0-ibm security update