Zero Day Initiative Advisory 10-208 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for processing SoundBank files. While parsing BANK records, the HeadspaceSoundbank.nGetName function improperly sign-extends the one byte value into 4 bytes. It is later used as the size to a memcpy when operating on the BANK record’s data. An attacker can abuse this to execute arbitrary code under the context of the user running the web browser.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94700/ZDI-10-208.txt
Source: https://packetstormsecurity.com/files/94700/Zero-Day-Initiative-Advisory-10-208.html