
Java Runtime Environment Vulnerabilities Lead to Remote Compromise

Sun Java Runtime Environment (JRE) has a buffer overflow vulnerability in its image parsing code which could allow an untrusted applet or application to escalate its privileges. If this happens, the applet or application could grant itself permission to read and write local files, or to execute local applications, that are available to the user running the untrusted applet or application. All systems running Windows, Linux variants, and Solaris are considered vulnerable.

Affected versions include:

- JDK and JRE 6

- JDK and JRE 5.0 Update 10 and earlier

- SDK and JRE 1.4.2_14 and earlier

- SDK and JRE 1.3.1_20 and earlier

The JRE also has a vulnerability that could permit an untrusted applet or application to cause the Java Virtual Machine (JVM) to freeze. All systems running Windows, Linux variants, and Solaris are considered vulnerable.

Affected versions include:

- JDK and JRE 6

- JDK and JRE 5.0 Update 10 and earlier

- SDK and JRE 1.4.2_14 and earlier

- SDK and JRE 1.3.1_19 and earlier

The solution for both vulnerabilities is to update to a version newer than the versions listed above as affected.
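As an added check that is not part of the original advisory, the following Python helper parses the banner printed by `java -version` and reports whether the installed release falls inside the affected ranges listed above for each of the two vulnerabilities. It assumes the entry "JDK and JRE 6" means the 1.6.0 release with no update suffix; release families the advisory does not list are reported as not affected.

```python
import re

# Highest affected update per release family, as listed in the advisory.
# Key: (major, minor, micro) of the Java version string; value: highest
# affected update number (0 = the bare release without an "_NN" suffix).
AFFECTED_IMAGE_PARSING_OVERFLOW = {
    (1, 6, 0): 0,    # "JDK and JRE 6" (assumed to mean 1.6.0 with no update)
    (1, 5, 0): 10,   # 5.0 Update 10 and earlier
    (1, 4, 2): 14,   # 1.4.2_14 and earlier
    (1, 3, 1): 20,   # 1.3.1_20 and earlier
}
AFFECTED_JVM_FREEZE = {
    (1, 6, 0): 0,
    (1, 5, 0): 10,
    (1, 4, 2): 14,
    (1, 3, 1): 19,   # 1.3.1_19 and earlier (one update lower than above)
}

# First line of `java -version`, e.g.  java version "1.5.0_10"
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return ((major, minor, micro), update) from a java -version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised java -version output: {banner!r}")
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro)), int(update or 0)


def affected_by(family, update, table):
    """True if family/update lies in the affected range of `table`.
    Families the advisory does not list (e.g. 1.4.1) return False."""
    return family in table and update <= table[family]


def assess(banner):
    """Map each vulnerability to whether the banner's release is affected."""
    family, update = parse_java_version(banner)
    return {
        "image_parsing_overflow": affected_by(family, update, AFFECTED_IMAGE_PARSING_OVERFLOW),
        "jvm_freeze": affected_by(family, update, AFFECTED_JVM_FREEZE),
    }


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for b in ('java version "1.5.0_10"', 'java version "1.3.1_20"', 'java version "1.5.0_12"'):
        print(b, "->", assess(b))
```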

Posted by Kitch Spicer on July 17, 2007, in Handlers Log.