Secunia Logo  


Secunia PSI WorldMap
 
Sun Java Predictable File Location Weakness
Secunia Advisory: SA12043
Release Date: 2004-07-12
Popularity: 11,266 views

Critical:
Not critical
Impact: Unknown
Where: From remote
Solution Status: Unpatched

Software:Sun Java JRE 1.1.x
Sun Java JRE 1.2.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x

Secunia CVSS-2 Score: Available in Secunia business solutions

Subscribe: Instant alerts on relevant vulnerabilities


Advisory Content (Page 1 of 3)[ 1 ] [ 2 ] [ 3 ]

Description:
A weakness has been reported in Sun Java, allowing malicious websites to write arbitrary content to a file with an easily guessable name.

The problem is that Sun Java creates a temporary file with the contents of the array passed to the "Font.createFont" method. A specially crafted array may also cause the Java VM (Virtual Machine) to crash.

The temporary file creation in itself is not a vulnerability and should not pose any risk to the system. However, combined with certain Microsoft Internet Explorer functionality and vulnerabilities this can be exploited to compromise a vulnerable system.

A PoC (Proof of Concept) exploit has been published, which:

1) Uses the weakness in Sun Java to create a temporary file.

2) Exploits a file enumeration vulnerability to find the name of the temporary file (100,000 possible combinations).
SA10820

3) Exploits a Cross-Zone vulnerability and uses the inherently insecure Windows "shell:" functionality:
SA11793

Change Page:
[ 1 ] [ 2 ] [ 3 ]



Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Microsoft DirectShow Streaming Video ActiveX Control Vulnerabilities // 46 views
2. Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability // 40 views
3. Adobe Flash Player Multiple Vulnerabilities // 37 views
4. phpBB Cross Site Scripting and Unspecified Vulnerabilities // 22 views
5. Sun Java JDK / JRE Multiple Vulnerabilities // 21 views
6. Adobe Reader/Acrobat Multiple Vulnerabilities // 20 views
7. Apple Safari Two WebKit Component Vulnerabilities // 20 views
8. Subdreamer Light Global Variables SQL Injection Vulnerability // 19 views
9. Internet Explorer 7 Window Injection Vulnerability // 14 views
10. eEye Retina WiFi Scanner ".rws" Handling Buffer Overflow // 14 views