CVE-2007-2788

Sun JDK and JRE - Remote Code Execution via ICC Profile Integer Overflow


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2788. PoCs published by Chris Evans.

AI-analyzed exploit summary

The provided text is a vulnerability writeup describing CVE-2007-2788 and CVE-2007-2789 affecting Sun JDK, which may allow arbitrary code execution or denial of service. No actual exploit code is present in the snippet.

Description

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chris Evans · text · remote · linux
https://www.exploit-db.com/exploits/30043

Classification: Writeup (90%)
Attack Type: RCE | DoS
Complexity: Theoretical
Reliability: Theoretical
Target: Sun JDK 1.5.0_07-b03
Authentication: None needed
Prerequisites: Vulnerable Sun JDK installation
devstral-2 · analyzed Feb 16, 2026

References (58)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34652
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26933
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26049
Third Party Advisory vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/248
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26311
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001696.html
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1
Third Party Advisory x_refsource_misc
http://scary.beasts.org/security/CESA-2006-004.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30805
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0065
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34318
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/138545
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24004
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-December/001862.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26369
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-28.xml
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28056
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29858
Third Party Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_45_java.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1836
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0100.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0956.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0817.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26645
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26119
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28365
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24267
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25832
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4224
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200706-08.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30780
Patch, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25295
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3009
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27266
Third Party Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001708.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28115
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018182
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29340
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25474
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1086.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27203
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001697.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0829.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26631
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0133.html

Scores

EPSS 0.1819
EPSS Percentile 96.8%

Details

CWE
CWE-189 (Numeric Errors)
Status published
Products (38)
sun/jdk 1.5.0 (11 CPE variants)
sun/jdk 1.6.0
sun/jre 1.3.1
sun/jre 1.3.1_2
sun/jre 1.3.1_03
sun/jre 1.3.1_04
sun/jre 1.3.1_05
sun/jre 1.3.1_06
sun/jre 1.3.1_07
sun/jre 1.3.1_08
... and 28 more
Published May 22, 2007
Tracked Since Feb 18, 2026