Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Sun JRE Vulnerabilities InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Sun JRE Vulnerabilities

Published: 2007-06-06
Last Updated: 2007-06-06 18:38:35 UTC
by Chris Carboni (Version: 1)
0 comment(s)
Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

Both vulnerabilities can be exploited in the following versions

  • JDK and JRE 6
  • JDK and JRE 5.0 Update 10 and earlier
  • SDK and JRE 1.4.2_14 and earlier
  • SDK and JRE 1.3.1_20 and earlier

Updates are available, see the Sun alert for full details.

HOD: Christopher Carboni
Keywords:
0 comment(s)
Diary Archives