Sun Java JDK / JRE Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 27 Mar 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Sun Java, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system.

1. An unspecified error in the HTTP server implementation, which could allow remote attackers to cause a denial of service on a JAX-WS service endpoint that runs on the JRE.

2. Buffer overflow errors when processing malformed PNG or GIF images, or specially crafted fonts, which could be exploited to execute arbitrary code via a malicious applet or Java Web Start application.

3. An unspecified error within the JRE Virtual Machine code generation, which may allow an untrusted applet to elevate its privileges.

4. Errors in the Java Plug-in when deserializing or handling applets, and when parsing JavaScript data or "crossdomain.xml" files, which could be exploited to bypass security restrictions or disclose sensitive information.

5. Errors in the storing and processing of temporary font files, which may allow an untrusted applet or Java Web Start application to consume a large amount of disk space, resulting in a denial of service.

6. Integer and buffer overflow errors when unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility, which could be exploited to execute arbitrary code.

7. An error when initializing LDAP connections, which could be exploited by a remote client to cause a denial of service.

8. An error in the LDAP client implementation, which may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Sun JDK and JRE 6 Update 12 and prior
  • Sun JDK and JRE 5.0 Update 17 and prior
  • Sun SDK and JRE 1.4.2_19 and prior
  • Sun SDK and JRE 1.3.1_24 and prior
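
A check of installed versions against the affected ranges listed above, as an added example that is not part of the original advisory. It assumes the legacy `1.x.y_zz` version string printed by `java -version` and treats "and prior" as covering earlier releases in the same 1.x line; the host names and banner strings are constructed.

```python
import re

# Last affected release per 1.x line, as (micro, update), from the advisory's list.
LAST_AFFECTED = {
    (1, 6): (0, 12),  # JDK/JRE 6 Update 12 and prior
    (1, 5): (0, 17),  # JDK/JRE 5.0 Update 17 and prior
    (1, 4): (2, 19),  # SDK/JRE 1.4.2_19 and prior
    (1, 3): (1, 24),  # SDK/JRE 1.3.1_24 and prior
}

# Legacy version strings: 1.6.0_12, 1.6.0_12-b04, or 1.6.0 (no update suffix).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return ((major, minor), (micro, update)) or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0
    return (major, minor), (micro, update)


def classify(text):
    """Return 'affected', 'not-listed' or 'unparsed'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    line, release = parsed
    limit = LAST_AFFECTED.get(line)
    # Assumption: "and prior" covers every earlier release in the same 1.x line.
    if limit is not None and release <= limit:
        return "affected"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample inventory: host name -> first line of `java -version`.
    inventory = {
        "build-01": 'java version "1.6.0_12"',
        "web-02": 'java version "1.6.0_13"',
        "legacy-03": 'java version "1.4.1_07"',
        "kiosk-04": "command not found",
    }
    for host, banner in sorted(inventory.items()):
        print(f"{host}: {classify(banner)}")
```

A result of `not-listed` only means the version falls outside the ranges this advisory names.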

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier

  • No CVE information is available
