Check Point Reference: | CPAI-2012-204 |
Date Published: | 28 May 2012 |
Severity: | High |
Last Updated: | Friday 22 November, 2024 |
Source: | CVE-2012-0499 |
Protection Provided by: | Security Gateway |
Who is Vulnerable? | Oracle Java Runtime Environment (JRE) 1.4.2_35 and prior; Oracle Java Runtime Environment (JRE) 5 Update 33 and prior; Oracle Java Runtime Environment (JRE) 6 Update 30 and prior; Oracle Java Runtime Environment (JRE) 7 Update 2 and prior; Oracle Java Development Kit (JDK) 1.4.2_35 and prior; Oracle Java Development Kit (JDK) 5 Update 33 and prior; Oracle Java Development Kit (JDK) 6 Update 30 and prior; Oracle Java Development Kit (JDK) 7 Update 2 and prior |
Vulnerability Description | A heap buffer overflow vulnerability has been reported in the Java Runtime Environment (JRE) component. |
Vulnerability Details | The vulnerability is due to failure to check certain values while processing IDEF opcodes. A remote attacker can exploit this issue by enticing target users to view a specially crafted web-page. Successful exploitation would cause memory corruption in a way that may lead to arbitrary code execution or terminate the application abnormally. |
This protection will detect and block malicious TTF files.
In order for the protection to be activated, update your product to the latest update. For information on how to update, go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: Oracle Protection Violation
Attack Information: Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow
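To find hosts that fall under the "Who is Vulnerable?" list, the following added example (not part of the Check Point advisory) compares `java -version` banners against the last affected release in each listed family. It assumes the legacy `1.<major>.<micro>_<update>` version format; the hostnames and banners are constructed sample data.

```python
import re

# Last affected release per family, taken from the advisory's
# "Who is Vulnerable?" list, as (micro, update) for each 1.<major> line.
LAST_AFFECTED = {
    4: (2, 35),  # 1.4.2_35 and prior
    5: (0, 33),  # 5 Update 33 and prior
    6: (0, 30),  # 6 Update 30 and prior
    7: (0, 2),   # 7 Update 2 and prior
}

# Legacy Java version string, e.g. 1.6.0_30 or 1.7.0_02-b13.
VERSION_RE = re.compile(r'\b1\.(\d+)\.(\d+)(?:_(\d+))?')


def is_affected(version_text):
    """True/False for a listed family, None if the advisory does not cover it."""
    m = VERSION_RE.search(version_text)
    if not m:
        return None  # not a legacy-format banner
    major, micro = int(m.group(1)), int(m.group(2))
    update = int(m.group(3) or 0)  # "1.7.0" means update 0
    limit = LAST_AFFECTED.get(major)
    if limit is None:
        return None  # family not listed in the advisory
    # Tuple comparison also catches older micro releases such as 1.4.1_07.
    return (micro, update) <= limit


def triage(inventory):
    """Map host -> verdict for (host, `java -version` banner) pairs."""
    return {host: is_affected(banner) for host, banner in inventory}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = [
    ("ws-01", 'java version "1.6.0_30"'),
    ("ws-02", 'java version "1.6.0_31"'),
    ("ws-03", 'java version "1.7.0_02"'),
    ("build-01", 'java version "1.4.1_07"'),
    ("app-01", 'java version "1.8.0_202"'),
]

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "newer than listed", None: "not covered"}
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {labels[verdict]}")
```

A `False` verdict only means the release is newer than the last one the advisory lists for that family; `None` means the banner is outside the listed families and needs a separate check.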