MS-ISAC ADVISORY NUMBER:
2009-025

DATE(S) ISSUED:
5/14/2009

SUBJECT:
Multiple Vulnerabilities in Sun Java Runtime Environment ActiveX Control Could Allow for Remote Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in the Java Runtime Environment (JRE). Sun Java Runtime Environment includes an ActiveX control used to download and execute Java applications. ActiveX controls are small programs or animations that are downloaded or embedded in Web pages which will typically enhance functionality and user experience.

The identified vulnerabilities may be exploited if a user visits a specially crafted web page. Successful exploitation will result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with this user account, an attacker could then install programs; view, change, or delete data; or create new accounts.

Currently, there is no patch available for these vulnerabilities.

SYSTEMS AFFECTED:

  • Sun JRE 6.0 Update 13
  • Sun JRE 6.0 Update 12
  • Sun JRE 6.0 Update 11
  • Sun JRE 6.0 Update 10
  • Sun JRE 6.0 Update 7
  • Sun JRE 6.0 Update 6
  • Sun JRE 6.0 Update 5
  • Sun JRE 6.0 Update 4
  • Sun JRE 6.0 Update 3
  • Sun JRE 6.0 Update 2
  • Sun JRE 6.0 Update 1

RISK:

Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: High

DESCRIPTION:
Multiple buffer-overflow vulnerabilities have been discovered in an ActiveX control for the Sun Java Runtime Environment. The control fails to perform adequate boundary checks on user-supplied data, which allows an attacker to corrupt memory on the victim host and execute malicious code. Successful exploitation of these vulnerabilities may allow for remote code execution in an application that uses the ActiveX control, such as a web browser. These vulnerabilities may be exploited if a user visits a specially crafted web page. Failed attack attempts will cause a denial of service. The affected ActiveX control is identified by the following class identifier:

CLSID: CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA

Specifically, the following methods of the ActiveX control are vulnerable:

'setInstallerType'
'setAdditionalPackages'
'compareVersion'
'getStaticCLSID'
'launch'

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Consider setting the kill bit on the Class Identifier (CLSID) {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}; further instructions on how to set the kill bit can be found at the following location: http://support.microsoft.com/kb/240797
  • Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Do not download or open files from un-trusted websites.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply appropriate patch provided by Sun Microsystems to vulnerable systems as soon as it becomes available.
  • Ensure that all anti-virus software is up to date with the latest signatures.
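
The following PowerShell script is an added example, not part of the MS-ISAC advisory: it sets the kill bit for the affected CLSID using the registry location and Compatibility Flags value (0x400) documented in Microsoft KB240797, covering both the native and the 32-bit (Wow6432Node) Internet Explorer hives on 64-bit Windows, and then verifies the result. It assumes an elevated (administrator) PowerShell session; the function names Set-KillBit and Test-KillBit are this example's own.

```powershell
# Added example (not the advisory's own code). Sets and verifies the ActiveX
# kill bit for the Sun JRE control named in the advisory, per KB240797.
# Run from an elevated PowerShell session.

$Clsid   = '{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}'
$KillBit = 0x400   # "Compatibility Flags" bit that blocks the control in IE

# On 64-bit Windows, 32-bit IE reads the Wow6432Node hive, so cover both.
$Bases = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $Key = Join-Path $Base $Clsid
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Preserve any flags already present; only OR in the kill bit.
    $Existing = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $New = [int]($Existing -bor $KillBit)
    Set-ItemProperty -Path $Key -Name 'Compatibility Flags' -Value $New -Type DWord
}

function Test-KillBit {
    param([string]$Base, [string]$Clsid)
    $Key = Join-Path $Base $Clsid
    if (-not (Test-Path $Key)) { return $false }
    $Flags = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (($Flags -band $KillBit) -eq $KillBit)
}

foreach ($Base in $Bases) {
    # The Wow6432Node base does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path $Base)) { continue }
    Set-KillBit -Base $Base -Clsid $Clsid
    $State = if (Test-KillBit -Base $Base -Clsid $Clsid) { 'SET' } else { 'NOT SET' }
    Write-Output ("Kill bit {0} under {1}" -f $State, $Base)
}
```

Test-KillBit alone can be used in an audit script to confirm the mitigation is in place across a fleet before the Sun patch is available.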

REFERENCES:

Security Focus:
http://www.securityfocus.com/bid/34931/info

Microsoft:
http://support.microsoft.com/kb/240797


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.