BID:39082

Oracle Java SE and Java for Business CVE-2010-0850 Remote Java 2D Vulnerability

Info

Oracle Java SE and Java for Business CVE-2010-0850 Remote Java 2D Vulnerability

Bugtraq ID:	39082
Class:	Unknown
CVE:	CVE-2010-0850
Remote:	Yes
Local:	No
Published:	Mar 30 2010 12:00AM
Updated:	Feb 11 2011 03:50PM
Credit:	Dyon Balding of Secunia Research; Steve Dispensa of PhoneFactor; Stephen Fewer of iDefense; Brian Graversen of Signaturgruppen; Sami Koivu of TippingPoint's Zero Day Initiative; Alexandre Pelletier of VUPEN Security; Marsh Ray of PhoneFactor; Regenrecht of
Vulnerable:	VMWare vCenter 4.1 VMWare ESX Server 4.1 ESX410-201011402 VMWare ESX Server 4.1 VMWare ESX 4.1 Sun SDK (Windows Production Release) 1.3.1 _27 Sun SDK (Windows Production Release) 1.3.1 _21 Sun SDK (Windows Production Release) 1.3.1 _20 Sun SDK (Windows Production Release) 1.3.1 _19 Sun SDK (Windows Production Release) 1.3.1 _15 Sun SDK (Windows Production Release) 1.3.1 _14 Sun SDK (Windows Production Release) 1.3.1 _13 Sun SDK (Windows Production Release) 1.3.1 _12 Sun SDK (Windows Production Release) 1.3.1 _11 Sun SDK (Windows Production Release) 1.3.1 _10 Sun SDK (Windows Production Release) 1.3.1 _09 Sun SDK (Windows Production Release) 1.3.1 _08 Sun SDK (Windows Production Release) 1.3.1 _07 Sun SDK (Windows Production Release) 1.3.1 _06 Sun SDK (Windows Production Release) 1.3.1 _05 Sun SDK (Windows Production Release) 1.3.1 _04 Sun SDK (Windows Production Release) 1.3.1 _03 Sun SDK (Windows Production Release) 1.3.1 _02 Sun SDK (Windows Production Release) 1.3.1 _01a Sun SDK (Windows Production Release) 1.3.1_26 Sun SDK (Windows Production Release) 1.3.1_25 Sun SDK (Windows Production Release) 1.3.1_24 Sun SDK (Windows Production Release) 1.3.1_23 Sun SDK (Windows Production Release) 1.3.1_22 Sun SDK (Solaris Production Release) 1.3.1 _27 Sun SDK (Solaris Production Release) 1.3.1 _23 Sun SDK (Solaris Production Release) 1.3.1 _22 Sun SDK (Solaris Production Release) 1.3.1 _21 Sun SDK (Solaris Production Release) 1.3.1 _20 Sun SDK (Solaris Production Release) 1.3.1 _19 Sun SDK (Solaris Production Release) 1.3.1 _15 Sun SDK (Solaris Production Release) 1.3.1 _14 Sun SDK (Solaris Production Release) 1.3.1 _13 Sun SDK (Solaris Production Release) 1.3.1 _12 Sun SDK (Solaris Production Release) 1.3.1 _11 Sun SDK (Solaris Production Release) 1.3.1 _10 Sun SDK (Solaris Production Release) 1.3.1 _09 Sun SDK (Solaris Production Release) 1.3.1 _08 Sun SDK (Solaris Production Release) 1.3.1 _07 Sun SDK (Solaris Production Release) 1.3.1 _06 Sun SDK (Solaris Production Release) 1.3.1 _05 Sun SDK (Solaris Production Release) 1.3.1 _03 Sun SDK (Solaris Production Release) 1.3.1 _02 Sun SDK (Solaris Production Release) 1.3.1 _01 Sun SDK (Solaris Production Release) 1.3.1_26 Sun SDK (Solaris Production Release) 1.3.1_25 Sun SDK (Solaris Production Release) 1.3.1_24 Sun SDK (Solaris Production Release) 1.3.1_20 Sun SDK (Linux Production Release) 1.3.1 _27 Sun SDK (Linux Production Release) 1.3.1 _23 Sun SDK (Linux Production Release) 1.3.1 _22 Sun SDK (Linux Production Release) 1.3.1 _21 Sun SDK (Linux Production Release) 1.3.1 _20 Sun SDK (Linux Production Release) 1.3.1 _19 Sun SDK (Linux Production Release) 1.3.1 _15 Sun SDK (Linux Production Release) 1.3.1 _14 Sun SDK (Linux Production Release) 1.3.1 _13 Sun SDK (Linux Production Release) 1.3.1 _12 Sun SDK (Linux Production Release) 1.3.1 _11 Sun SDK (Linux Production Release) 1.3.1 _10 Sun SDK (Linux Production Release) 1.3.1 _09 Sun SDK (Linux Production Release) 1.3.1 _08 Sun SDK (Linux Production Release) 1.3.1 _07 Sun SDK (Linux Production Release) 1.3.1 _06 Sun SDK (Linux Production Release) 1.3.1 _05 Sun SDK (Linux Production Release) 1.3.1 _03 Sun SDK (Linux Production Release) 1.3.1 _02 Sun SDK (Linux Production Release) 1.3.1 _01 Sun SDK (Linux Production Release) 1.3.1_26 Sun SDK (Linux Production Release) 1.3.1_25 Sun SDK (Linux Production Release) 1.3.1_24 Sun JRE (Windows Production Release) 1.3.1 _27 Sun JRE (Windows Production Release) 1.3.1 _14 Sun JRE (Windows Production Release) 1.3.1 _13 Sun JRE (Windows Production Release) 1.3.1 _12 Sun JRE (Windows Production Release) 1.3.1 _11 Sun JRE (Windows Production Release) 1.3.1 _10 Sun JRE (Windows Production Release) 1.3.1 _09 Sun JRE (Windows Production Release) 1.3.1 _08 Sun JRE (Windows Production Release) 1.3.1 _07 Sun JRE (Windows Production Release) 1.3.1 _06 Sun JRE (Windows Production Release) 1.3.1 _05 Sun JRE (Windows Production Release) 1.3.1 _04 Sun JRE (Windows Production Release) 1.3.1 _03 Sun JRE (Windows Production Release) 1.3.1 _02 Sun JRE (Windows Production Release) 1.3.1 _01a Sun JRE (Windows Production Release) 1.3.1 _01 Sun JRE (Windows Production Release) 1.3.1 Sun JRE (Windows Production Release) 1.3.1_26 Sun JRE (Windows Production Release) 1.3.1_25 Sun JRE (Windows Production Release) 1.3.1_23 Sun JRE (Windows Production Release) 1.3.1_22 Sun JRE (Windows Production Release) 1.3.1_21 Sun JRE (Windows Production Release) 1.3.1_20 Sun JRE (Windows Production Release) 1.3.1_19 Sun JRE (Windows Production Release) 1.3.1_18 Sun JRE (Windows Production Release) 1.3.1_17 Sun JRE (Windows Production Release) 1.3.1_16 Sun JRE (Windows Production Release) 1.3.1_15 Sun JRE (Solaris Production Release) 1.3.1 _27 Sun JRE (Solaris Production Release) 1.3.1 _14 Sun JRE (Solaris Production Release) 1.3.1 _13 Sun JRE (Solaris Production Release) 1.3.1 _12 Sun JRE (Solaris Production Release) 1.3.1 _11 Sun JRE (Solaris Production Release) 1.3.1 _10 Sun JRE (Solaris Production Release) 1.3.1 _09 Sun JRE (Solaris Production Release) 1.3.1 _08 Sun JRE (Solaris Production Release) 1.3.1 _07 Sun JRE (Solaris Production Release) 1.3.1 _06 Sun JRE (Solaris Production Release) 1.3.1 _05 Sun JRE (Solaris Production Release) 1.3.1 _04 Sun JRE (Solaris Production Release) 1.3.1 _03 + Macromedia ColdFusion Server MX Professional + Macromedia ColdFusion Server MX Enterprise + Macromedia ColdFusion Server MX Developer Sun JRE (Solaris Production Release) 1.3.1 _02 Sun JRE (Solaris Production Release) 1.3.1 _01a Sun JRE (Solaris Production Release) 1.3.1 _01 Sun JRE (Solaris Production Release) 1.3.1 Sun JRE (Solaris Production Release) 1.3.1_26 Sun JRE (Solaris Production Release) 1.3.1_25 Sun JRE (Solaris Production Release) 1.3.1_23 Sun JRE (Solaris Production Release) 1.3.1_22 Sun JRE (Solaris Production Release) 1.3.1_21 Sun JRE (Solaris Production Release) 1.3.1_20 Sun JRE (Solaris Production Release) 1.3.1_19 Sun JRE (Solaris Production Release) 1.3.1_18 Sun JRE (Solaris Production Release) 1.3.1_17 Sun JRE (Solaris Production Release) 1.3.1_16 Sun JRE (Solaris Production Release) 1.3.1_15 Sun JRE (Linux Production Release) 1.3.1 _27 Sun JRE (Linux Production Release) 1.3.1 _21 Sun JRE (Linux Production Release) 1.3.1 _19 Sun JRE (Linux Production Release) 1.3.1 _18 Sun JRE (Linux Production Release) 1.3.1 _17 Sun JRE (Linux Production Release) 1.3.1 _16 Sun JRE (Linux Production Release) 1.3.1 _15 Sun JRE (Linux Production Release) 1.3.1 _14 Sun JRE (Linux Production Release) 1.3.1 _13 Sun JRE (Linux Production Release) 1.3.1 _12 Sun JRE (Linux Production Release) 1.3.1 _11 Sun JRE (Linux Production Release) 1.3.1 _10 Sun JRE (Linux Production Release) 1.3.1 _09 Sun JRE (Linux Production Release) 1.3.1 _08 Sun JRE (Linux Production Release) 1.3.1 _07 Sun JRE (Linux Production Release) 1.3.1 _06 Sun JRE (Linux Production Release) 1.3.1 _05 Sun JRE (Linux Production Release) 1.3.1 _04 Sun JRE (Linux Production Release) 1.3.1 _03 Sun JRE (Linux Production Release) 1.3.1 _02 Sun JRE (Linux Production Release) 1.3.1 _01a Sun JRE (Linux Production Release) 1.3.1 _01 Sun JRE (Linux Production Release) 1.3.1 Sun JRE (Linux Production Release) 1.3.1_26 Sun JRE (Linux Production Release) 1.3.1_25 Sun JRE (Linux Production Release) 1.3.1_23 Sun JRE (Linux Production Release) 1.3.1_22 Sun JRE (Linux Production Release) 1.3.1_21 Sun JRE (Linux Production Release) 1.3.1_20 S.u.S.E. SUSE Linux Enterprise 11 S.u.S.E. openSUSE 11.2 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 Pardus Linux 2009 0 HP Systems Insight Manager C.05.00.02 HP Systems Insight Manager C 05.00.02 HP Systems Insight Manager 6.0.0.96 HP Systems Insight Manager 5.3 Update 1 HP Systems Insight Manager 5.3 HP Systems Insight Manager 5.2 SP2 HP Systems Insight Manager 5.1 SP1 HP Systems Insight Manager 5.0 SP6 HP Systems Insight Manager 5.0 SP5 HP Systems Insight Manager 5.0 SP3 HP Systems Insight Manager 5.0 SP2 HP Systems Insight Manager 5.0 SP1 HP Systems Insight Manager 5.0 Gentoo Linux

Not Vulnerable:	VMWare vCenter 4.1 Update 1 VMWare ESX Server 4.1 ESX410-201101201 Sun SDK (Windows Production Release) 1.4.2_26 Sun SDK (Solaris Production Release) 1.4.2_26 Sun SDK (Linux Production Release) 1.4.2_26 Sun JRE (Windows Production Release) 1.6.0_19 Sun JRE (Solaris Production Release) 1.6.0_19 Sun JRE (Linux Production Release) 1.6.0_19 Sun JDK (Windows Production Release) 1.6.0_19 Sun JDK (Windows Production Release) 1.5.0_24 Sun JDK (Solaris Production Release) 1.6.0_19 Sun JDK (Solaris Production Release) 1.5.0_24 Sun JDK (Linux Production Release) 1.6.0_19 Sun JDK (Linux Production Release) 1.5.0_24 HP Systems Insight Manager 6.1

Discussion

Oracle Java SE and Java for Business CVE-2010-0850 Remote Java 2D Vulnerability

Oracle Java SE and Java for Business are prone to a remote vulnerability in Java 2D.

The vulnerability can be exploited over the 'Multiple' protocol. An attacker does not require privileges to exploit this vulnerability.

This vulnerability affects the following supported versions:
1.3.1_27

Exploit / POC

Oracle Java SE and Java for Business CVE-2010-0850 Remote Java 2D Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Oracle Java SE and Java for Business CVE-2010-0850 Remote Java 2D Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Oracle Java SE and Java for Business CVE-2010-0850 Remote Java 2D Vulnerability

References:

Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010 (Oracle)