VUPEN Security - Hitachi Products Image Handling Code Execution and Denial of Service Issues / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Hitachi Products Image Handling Code Execution and Denial of Service Issues

Title : Hitachi Products Image Handling Code Execution and Denial of Service Issues
VUPEN ID : VUPEN/ADV-2007-3034
CVE ID : CVE-2007-4758 - CVE-2007-4759
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-03

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in various Hitachi products, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by buffer overflow and denial of service errors in the Cosminexus Developer's Kit for Java when processing malformed images, which could be exploited by attackers to crash an affected application or execute arbitrary code.

Affected Products

Hitachi Cosminexus 7.x
Hitachi Cosminexus 6.x
Hitachi Cosminexus 5.x
Hitachi Cosminexus 4.x
Hitachi uCosminexus Application Server Enterprise
Hitachi uCosminexus Application Server Standard
Hitachi uCosminexus Service Platform
Hitachi uCosminexus Developer Standard
Hitachi uCosminexus Developer Professional
Hitachi uCosminexus Developer Light
Hitachi uCosminexus Service Architect
Hitachi uCosminexus Operator
Hitachi uCosminexus Client
Hitachi Cosminexus Application Server Enterprise version 6
Hitachi Cosminexus Application Server Standard version 6
Hitachi Cosminexus Developer Standard version 6
Hitachi Cosminexus Developer Professional version 6
Hitachi Cosminexus Developer Light version 6
Hitachi Cosminexus Client version 6
Hitachi Cosminexus Application Server version 5
Hitachi Cosminexus Developer version 5
Hitachi Cosminexus Studio version 5
Hitachi Cosminexus Studio - Web Edition version 4
Hitachi Cosminexus Server - Web Edition version 4
Hitachi Cosminexus Studio - Standard Edition version 4
Hitachi Cosminexus Server - Standard Edition version 4
Hitachi Electronic Form Workflow - Standard Set
Hitachi Electronic Form Workflow - Professional Library Set
Hitachi Electronic Form Workflow - Developer Client Set
Hitachi uCosminexus ERP Integrator
Hitachi Cosminexus ERP Integrator
Hitachi uCosminexus Collaboration - Server
Hitachi Cosminexus Collaboration - Server
Hitachi Groupmax Collaboration - Server
Hitachi uCosminexus/OpenTP1 Web Front-end Set
Hitachi Cosminexus/OpenTP1 Web Front-end Set
Hitachi Processing Kit for XML
Hitachi IBM XL C/C++ Enterprise Edition version 7 for AIX and Hitachi Developer Kit for Java
Hitachi IBM XL C/C++ Enterprise Edition version 8 for AIX and Hitachi Developer Kit for Java

Solution

Upgrade to the latest versions :
http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html

References

http://www.vupen.com/english/advisories/2007/3034
http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html

Credits

Vulnerabilities reported by the vendor.

ChangeLog

2007-09-03 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

Microsoft Windows 0-Day
Flaw Exploited in the Wild

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations

Copyright 2003-2009 © VUPEN.COM - Privacy Policy