Sun Java JDK / JRE Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 10 Jul 2008 4888 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Sun Java, which could be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

1. An error in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write local files and execute local applications.

2. An error in the Java Management Extensions (JMX) management agent can be exploited by a JMX client to perform certain unauthorized operations on a system running JMX with local monitoring enabled.

3. Two errors within the scripting language support in the Java Runtime Environment can be exploited by malicious, untrusted applets to access information from another applet, read and write local files, and execute local applications.

4. Boundary errors in Java Web Start can be exploited by an untrusted Java Web Start applications to cause buffer overflows.

5. Three errors in Java Web Start can be exploited by an untrusted Java Web Start applications to create or delete arbitrary files with the privileges of the user running the untrusted Java Web Start application, or to determine the location of the Java Web Start cache.

6. An error in the implementation of Secure Static Versioning allows applets to run on an older release of JRE.

7. Errors in the Java Runtime Environment can be exploited by an untrusted applet to bypass the same origin policy and establish socket connections to certain services running on the local host.

8. An error in the Java Runtime Environment when processing certain XML data can be exploited to allow unauthorized access to certain URL resources or cause a DoS.

Successful exploitation requires the JAX-WS client or service in a trusted application to process the malicious XML data.

9. An error in the Java Runtime Environment when processing certain XML data can be exploited by an untrusted applet or application to gain unauthorized access to certain URL resources.

10. A boundary error when processing fonts in the Java Runtime Environment can be exploited to cause a buffer overflow.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Java Web Start 1.x
  • Java Web Start 5.x
  • Java Web Start 6.x
  • Sun Java JDK 1.5.x
  • Sun Java JDK 1.6.x
  • Sun Java JRE 1.3.x
  • Sun Java JRE 1.4.x
  • Sun Java JRE 1.5.x / 5.x
  • Sun Java JRE 1.6.x / 6.x
  • Sun Java SDK 1.3.x
  • Sun Java SDK 1.4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Office Word Document Handling Code Execution Vulnerability

10 Jul 2008 4540 Views

Next

Apple TV Data Processing Remote Code Execution Vulnerabilities

14 Jul 2008 4695 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY