SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java Media Framework Vendors:   Sun
Java Media Framework Bug May Let Remote Applets Crash the Java Virtual Machine or Gain Unauthorized Privileges
SecurityTracker Alert ID:  1006777
SecurityTracker URL:  http://securitytracker.com/id/1006777
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 15 2003
Impact:   Denial of service via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.1.1, 2.1.1a, 2.1.1b, and 2.1.1c
Description:   An unspecified vulnerability was reported in Sun's Java Media Framework. A remote applet can cause denial of service conditions or gain privileges on the system.

It is reported that a malicious applet can cause the Java Virtual Machine to crash. A malicious applet can also gain unauthorized privileges on the target system. No further details were provided.

Sun credits Marc Schoenefeld for reporting this flaw.

Impact:   A remote user can create a Java applet that, when loaded by the target user, will cause the target user's Java Virtual Machine to crash or will yield privileges on the target system to the applet.
Solution:   Sun has released a fixed version (2.1.1e) of the Java Media Framework for Windows, Solaris, and Linux, available at:

http://java.sun.com/products/java-media/jmf/index.html

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760 (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 25 2003 (Exploit Information is Available) Re: Java Media Framework Bug May Let Remote Applets Crash the Java Virtual Machine or Gain Unauthorized Privileges
Some exploit information has been provided.



 Source Message Contents

Subject:  Java Virtual Machine (JVM) May Crash Due to Vulnerability in the


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760

Java Virtual Machine (JVM) May Crash Due to Vulnerability in the Java Media Framework (JMF)

Sun issued Sun Alert 54760 warning of a vulnerability in the Java(TM) Media Framework 
(JMF).  An untrusted applet could crash the Java Virtual Machine (JVM) or potentially gain 
unauthorized privileges.

Sun credits Marc Schoenefeld for reporting this flaw.

Java Media Framework (JMF) versions 2.1.1, 2.1.1a, 2.1.1b, and 2.1.1c are affected 
(Windows, Solaris, and Linux).

Sun has released the following fixes:

Java Media Framework (JMF) 2.1.1e or later for Windows, Solaris, and Linux

http://java.sun.com/products/java-media/jmf/index.html

-----

Sun Alert ID: 54760
Synopsis: Java Virtual Machine (JVM) May Crash Due to Vulnerability in the Java Media 
Framework (JMF)
Category: Security
Product: Java Media Framework
BugIDs: 4850093
Avoidance: Upgrade
State: Resolved
Date Released: 14-May-2003
Date Closed: 14-May-2003
Date Modified:



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC