Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Sun JRE Vulnerabilities - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sun JRE Vulnerabilities
Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

Both vulnerabilities can be exploited in the following versions

  • JDK and JRE 6
  • JDK and JRE 5.0 Update 10 and earlier
  • SDK and JRE 1.4.2_14 and earlier
  • SDK and JRE 1.3.1_20 and earlier

Updates are available, see the Sun alert for full details.

HOD: Christopher Carboni
Chris

140 Posts

Sign Up for Free or Log In to start participating in the conversation!