Oracle Java Font Processing Vulnerability (May 31, 2013)

Java is a general-purpose, concurrent, class-based, object-oriented computer programming language that is specifically designed to have as few implementation dependencies as possible. A Java virtual machine (JVM) is a program which executes certain other programs, namely those containing Java bytecode instructions. The JVM bundled together with a set of standard class libraries (that implement the Java API) form the Java Runtime Environment (JRE). The Java Development Kit (JDK) containsa full copy of the JRE, a Java compiler, and many other important development tools.

The most common form of Java used on the web is the Java Applet. Java applets can be used to parse various graphics files located on a remote host. One of the font formats processed by the JRE and JDK is the OpenType Font (OTF) format.

A memory corruption vulnerability exists in Oracle JRE and JDK. Specifically, the vulnerability is due to insufficient validation while handling OpenType Font. A remote attacker can exploit this vulnerability by enticing a user to visit a webpage which contains a crafted Java applet. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user.

The vulnerability has been assigned as CVE-2013-1491.

Dell SonicWALL has released IPS signatures to detect and block specific exploitation attempts targeting this vulnerability. The signatures are listed below:

  • 9917 Oracle Java Font Processing Memory Corruption Vulnerability 1
  • 9918 Oracle Java Font Processing Memory Corruption Vulnerability 2
  • 9919 Oracle Java Font Processing Memory Corruption Vulnerability 3