Sun Java Multiple Code Execution and Security Bypass Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Sun Java, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system.
1. An error in the SOCKS proxy implementation, which may allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application.
2. An error in the proxy mechanism implementation, which may allow an untrusted applet or Java Web Start application to obtain browser cookies and conduct session hijacking attacks.
3. An error in the proxy mechanism implementation, which may allow an untrusted applet or Java Web Start application to make unauthorized socket or URL connections to hosts other than the origin host.
4. The Java Web Start ActiveX control is built with vulnerable versions of the Microsoft Active Template Library (ATL) and its headers, which could lead to code execution.
5. An integer overflow error in the unpack200 JAR utility when unpacking applets and Java Web Start applications, which could allow code execution.
6. An integer overflow error within the parsing of JPEG images, which may allow an untrusted Java Web Start application to escalate privileges and execute arbitrary code.
7. An error within the audio system, which may allow an untrusted applet or Java Web Start application to access "java.lang.System" properties.
8. An error in the XML Digital Signature implementation.
9. An error related to the JNLPAppletLauncher, which may allow non-current versions of the JNLPAppletLauncher to be re-purposed with an untrusted Java applet, leading to arbitrary file writing on a vulnerable system.
System / Technologies affected
- Sun JDK and JRE version 6 Update 14 and prior
- Sun JDK and JRE version 5.0 Update 19 and prior
- Sun SDK and JRE version 1.4.2_21 and prior
- Sun SDK and JRE version 1.3.1_25 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Upgrade to Sun JDK and JRE 6 Update 15 or later:
http://java.sun.com/javase/downloads/index.jsp
Upgrade to Sun JDK and JRE 5.0 Update 20 or later:
http://java.sun.com/javase/downloads/index_jdk5.jsp
Upgrade to Sun SDK and JRE 1.4.2_22 or later:
http://java.sun.com/j2se/1.4.2/download.html
Upgrade to Sun SDK and JRE 1.3.1_26 or later:
http://java.sun.com/j2se/1.3/download.html
Java SE for Business:
http://www.sun.com/software/javaseforbusiness/getit_download.jsp
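As an added example (not part of the advisory), the following script maps the affected and fixed versions listed above onto the banner printed by `java -version`, so an administrator can check an installed runtime against this advisory. It assumes the banner starts with `java version "1.6.0_14"` (family plus `_NN` update suffix); the sample banners are constructed.

```python
import re
from typing import Optional, Tuple

# Affected families from the advisory: family -> (last vulnerable update, first fixed update)
ADVISORY_RANGES = {
    "1.6.0": (14, 15),  # JDK/JRE 6 Update 14 and prior   -> upgrade to 6 Update 15
    "1.5.0": (19, 20),  # JDK/JRE 5.0 Update 19 and prior -> upgrade to 5.0 Update 20
    "1.4.2": (21, 22),  # SDK/JRE 1.4.2_21 and prior      -> upgrade to 1.4.2_22
    "1.3.1": (25, 26),  # SDK/JRE 1.3.1_25 and prior      -> upgrade to 1.3.1_26
}

# First line of `java -version` output (note: the JVM prints it to stderr), e.g. java version "1.6.0_14"
BANNER_RE = re.compile(r'java version "(\d+\.\d+\.\d+)(?:_(\d+))?"')


def parse_banner(banner: str) -> Tuple[str, int]:
    """Return (family, update) from a java -version banner; a missing _NN suffix means update 0."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError("unrecognised java -version output: %r" % banner)
    return m.group(1), int(m.group(2) or 0)


def assess(banner: str) -> Tuple[str, Optional[str]]:
    """Classify an install against this advisory.

    Returns ("affected", fixed_version), ("patched", fixed_version) or ("not-covered", None)
    when the version family is not one the advisory lists.
    """
    family, update = parse_banner(banner)
    if family not in ADVISORY_RANGES:
        return "not-covered", None
    last_bad, first_fixed = ADVISORY_RANGES[family]
    fixed = "%s_%d" % (family, first_fixed)
    return ("affected" if update <= last_bad else "patched"), fixed


# Constructed sample banners; in practice feed in the output of `java -version 2>&1`
SAMPLE_BANNERS = [
    'java version "1.6.0_14"\nJava(TM) SE Runtime Environment (build 1.6.0_14-b08)',
    'java version "1.6.0_15"\nJava(TM) SE Runtime Environment (build 1.6.0_15-b03)',
    'java version "1.4.2_21"\nJava(TM) 2 Runtime Environment, Standard Edition',
    'java version "1.5.0"\nJava(TM) 2 Runtime Environment, Standard Edition',
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        status, fixed = assess(banner)
        print("%-26s %-12s %s" % (banner.splitlines()[0], status, fixed or "-"))
```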
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- http://secunia.com/advisories/36159/
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1
- http://www.vupen.com/english/advisories/2009/2153