CERTA-2003-AVI-088
Vulnerability from certfr_avis

None

Description

Java Media Framework (JMF) est un paquetage Java (optionnel) permettant à une application Java de traiter des flux audio et vidéo.

Selon Sun, une vulnérabilité présente dans JMF peut être exploitée au moyen d'une apliquette (applet) téléchargée depuis un site hostile afin de réaliser une élévation de privilèges ou de forcer l'arrêt brutal de la Machine Virtuelle Java (JVM).

Solution

La version 2.1.1e du JMF corrige la vulnérabilité :

http://java.sun.com/products/java-media/jmf

Java Media Framework (JMF) versions 2.1.1, 2.1.1a, 2.1.1b et 2.1.1c.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJava Media Framework (JMF) versions  2.1.1, 2.1.1a, 2.1.1b et 2.1.1c.\u003c/p\u003e",
  "content": "## Description\n\nJava Media Framework (JMF) est un paquetage Java (optionnel) permettant\n\u00e0 une application Java de traiter des flux audio et vid\u00e9o.\n\nSelon Sun, une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans JMF peut \u00eatre exploit\u00e9e au\nmoyen d\u0027une apliquette (applet) t\u00e9l\u00e9charg\u00e9e depuis un site hostile afin\nde r\u00e9aliser une \u00e9l\u00e9vation de privil\u00e8ges ou de forcer l\u0027arr\u00eat brutal de\nla Machine Virtuelle Java (JVM).\n\n## Solution\n\nLa version 2.1.1e du JMF corrige la vuln\u00e9rabilit\u00e9 :\n\n    http://java.sun.com/products/java-media/jmf\n",
  "cves": [],
  "initial_release_date": "2003-05-19T00:00:00",
  "last_revision_date": "2003-05-19T00:00:00",
  "links": [
    {
      "title": "Alerte de s\u00e9curit\u00e9 #54760 \"JVM may crash  due to vulnerability in the Java Media Framework (JMF)\" de Sun :",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760"
    }
  ],
  "reference": "CERTA-2003-AVI-088",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 du Java Media Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 #54760 de Sun",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.