Sun Java JRE sandbox bypass vulnerability

Published: 2006-02-08
Last Updated: 2006-02-09 17:19:11 UTC
by Jason Lam (Version: 2)
0 comment(s)
Sun has released an alert on 7 vulnerabilities in JRE. These vulnerabilities are related to the use of the "reflection" API in JRE. As noted in the alert, there is no workaround and upgrading to the latest version is the only solution.

Sun advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

Earlier we reported that these vulnerabilities are related to warnings given by US-CERT and AusCERT last month. However, this is not the case as these vulnerabilities are brand new.

------------
Jason Lam
Keywords:
0 comment(s)

IE + WMF security advisory released by Microsoft (913333)

Published: 2006-02-08
Last Updated: 2006-02-08 05:42:55 UTC
by Jason Lam (Version: 1)
0 comment(s)
Microsoft has released a security advisory on a new vulnerability on IE having to do with handling of WMF image files. It looks like only the older version of IE are affected. This is not the same vulnerability as MS06-001 so there are more patching (or IE upgrade) coming up.

MS advisory: http://www.microsoft.com/technet/security/advisory/913333.mspx

------------
Jason Lam
Keywords:
0 comment(s)

New Windows service ACL security advisory released (914457)

Published: 2006-02-08
Last Updated: 2006-02-08 02:34:02 UTC
by Jason Lam (Version: 1)
0 comment(s)
Microsoft has released a new security advisory on overly permissive ACLs on Windows services. Exploitation of the vulnerability can lead to escalation of privilege on the local machine. XP SP1 and 2K3 (without SP) are identified to be vulnerable.

MS advisory: http://www.microsoft.com/technet/security/advisory/914457.mspx

This issue seems to be the same as the one reported few days ago. Look here for more details.

------------
Jason Lam
Keywords:
0 comment(s)

Comments


Diary Archives