Oracle Java Heap Buffer Overflow (Nov 1, 2012)
Java is a programming language originally developed by James Gosling at Sun Microsystems (which has since merged into Oracle Corporation) and released in 1995 as a core component of Sun Microsystems’ Java platform. Java applications are typically compiled to bytecode (class file) that can run on any Java virtual machine (JVM) regardless of computer architecture. Java is a general-purpose, concurrent, class-based, object-oriented language that is specifically designed to have as few implementation dependencies as possible. Java is distributed in the form of various tools such as the Java Runtime Environment (JRE) and the Java Development Kit (JDK).
The JRE is a software platform that contains the Java Virtual Machine (JVM), Java libraries and other various components. End-users commonly use a Java Runtime Environment (JRE) installed on their own machine for standalone Java applications, or in a Web browser for Java applets. Standardized libraries provide a generic way to access host-specific features such as graphics, threading, and networking. The JDK is primarily a toolkit for developers and consists of the Java loader, compiler, libraries, debugger and several other tools. These libraries enable Java to parse various graphics and media content. The common graphics library packages of Java are the Abstract Windowing Toolkit (AWT) and Swing packages.
TrueType is an outline font standard developed by Apple Computer in the late 1980s as a competitor to Adobe’s Type 1 fonts used in PostScript. It has become the most common format for fonts on both the Mac OS and Microsoft Windows operating systems. The JRE and JDK are able to parse various graphics and font files, including TrueType font files.
A TrueType Font file consists of a number of tables. There is a directory of tables that must appear at the start of the file. The file may contain only one table of each type, and the type is indicated by a case-sensitive four letter tag. Each table and the whole font have checksums. The tables can appear in any order. The font directory consists of two parts: the offset subtable and the table directory. The offset subtable provides the number of tables in the font and their offset information, and has the following structure:
Offset  Size (bytes)  Name
-------------------------------------------------------------------
0x00    4             Version
0x04    2             numTables
0x06    2             searchRange    (maximum power of 2 <= numTables)*16
0x08    2             entrySelector  log2(maximum power of 2 <= numTables)
0x0a    2             rangeShift
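As an added example (not part of the original advisory and not Oracle's code), the Python function below checks the offset subtable fields against the relations in the table above, bounds-checks the table directory and rejects duplicate table tags. The 16-byte directory entry layout (tag, checksum, offset, length) and the rangeShift relation are taken from the TrueType specification rather than from this page; `check_font_directory` and `build_sample` are hypothetical names, and the sample fonts are constructed.

```python
import struct

def check_font_directory(data):
    """Return a list of structural problems found in a TrueType font directory."""
    if len(data) < 12:
        return ["file shorter than the 12-byte offset subtable"]
    # Offset subtable (big-endian): Version, numTables, searchRange, entrySelector, rangeShift
    _version, n, search_range, entry_selector, range_shift = struct.unpack_from(">IHHHH", data, 0)
    if n == 0:
        return ["numTables is zero"]
    problems = []
    p2 = 1 << (n.bit_length() - 1)             # maximum power of 2 <= numTables
    if search_range != p2 * 16:
        problems.append(f"searchRange {search_range}, expected {p2 * 16}")
    if entry_selector != p2.bit_length() - 1:  # log2(p2)
        problems.append(f"entrySelector {entry_selector}, expected {p2.bit_length() - 1}")
    # Assumption from the TrueType spec (not on the page): rangeShift = numTables*16 - searchRange
    if range_shift != n * 16 - p2 * 16:
        problems.append(f"rangeShift {range_shift}, expected {n * 16 - p2 * 16}")
    # Assumption from the TrueType spec: 16-byte entries (tag, checksum, offset, length)
    if 12 + n * 16 > len(data):
        problems.append("table directory runs past end of file")
        return problems
    seen = set()
    for i in range(n):
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", data, 12 + i * 16)
        if tag in seen:                        # only one table of each type is allowed
            problems.append(f"duplicate table tag {tag!r}")
        seen.add(tag)
        if offset + length > len(data):
            problems.append(f"table {tag!r} extends past end of file")
    return problems

def build_sample(tags, bad_length=False):
    """Constructed sample font (not a real file): one 4-byte body per tag."""
    n = len(tags)
    p2 = 1 << (n.bit_length() - 1)
    out = struct.pack(">IHHHH", 0x00010000, n, p2 * 16, p2.bit_length() - 1, (n - p2) * 16)
    for i, tag in enumerate(tags):
        length = 0xFFFF if bad_length and i == 0 else 4
        out += struct.pack(">4sIII", tag, 0, 12 + n * 16 + 4 * i, length)
    return out + b"\0" * (4 * n)

if __name__ == "__main__":
    print(check_font_directory(build_sample([b"cmap", b"glyf", b"head"])))
    print(check_font_directory(build_sample([b"cmap", b"cmap"])))
    print(check_font_directory(build_sample([b"cmap", b"glyf"], bad_length=True)))
```

These are generic structural checks on the font directory; the advisory does not state which field triggers the overflow.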
A heap memory buffer overflow vulnerability exists in Oracle Java's handling of TrueType fonts. A remote unauthenticated attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the logged-in user.
Dell SonicWALL UTM team has researched the vulnerability and released the following signatures to cover the exploit.
- GAV:Malformed.ttf.TL.2
The vulnerability was not assigned a Common Vulnerabilities and Exposures (CVE) identifier.