CVE-2003-1572

Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00219.html
http://securitytracker.com/id?1006777
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760
http://www.illegalaccess.org/java/jmf.php

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:jmf:2.1.1:::::::*
	cpe:2.3:a:sun:jmf:2.1.1a:::::::*
	cpe:2.3:a:sun:jmf:2.1.1b:::::::*
	cpe:2.3:a:sun:jmf:2.1.1c:::::::*

History

No history.

Information

Published : 2009-06-01 22:30

Updated : 2024-02-28 11:21

NVD link : CVE-2003-1572

Mitre link : CVE-2003-1572

CVE.ORG link : CVE-2003-1572

JSON object : View

Products Affected

sun

jmf

CWE

NVD-CWE-noinfo

{"id": "CVE-2003-1572", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-06-01T22:30:00.187", "references": [{"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00219.html", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1006777", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760", "source": "cve@mitre.org"}, {"url": "http://www.illegalaccess.org/java/jmf.php", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields."}, {"lang": "es", "value": "Sun Java Media Framework (JMF) v2.1.1 a la 2.1.1c, permite a applets sin firmar provocar una denegaci\u00f3n de servicio (ca\u00edda de JVM) as\u00ed como la lectura o lectura no autorizada de regiones de memoria a trav\u00e9s de la clase ReadEnv, como se ha demostrado mediante la lectura de las variables de entorno empleando campos .data y .fields modificados."}], "lastModified": "2009-06-02T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:jmf:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C07F8DF0-43D5-49B5-B861-6859E0C6EBF1"}, {"criteria": "cpe:2.3:a:sun:jmf:2.1.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1EC62C8-4C42-4031-9163-BEC257D9D0E0"}, {"criteria": "cpe:2.3:a:sun:jmf:2.1.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A0F37CA-0B0D-42E8-97F5-4314A7E84DBC"}, {"criteria": "cpe:2.3:a:sun:jmf:2.1.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D78D4E4-0230-4545-AC3E-445C26625998"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}