The Java Runtime Environment (JRE) Java Update mechanism running on non-English versions of the Windows operating system does not update the JRE when a new version is available.

Sun acknowledges with thanks, Tomasz "Tometzky" Ostrowski for bringing this issue to our attention.

Permalink |

Two vulnerabilities in the Java Runtime Environment with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition.

Sun acknowledges with thanks, BFK edv-consulting GmbH, for bringing the first issue to our attention.

Permalink |

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

Sun acknowledges, with thanks, Coda Hale for bringing this issue to our attention.

Permalink |

A command execution vulnerability in the Java Runtime Environment Deployment Toolkit may be leveraged to execute arbitrary code. This may occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.

Sun acknowledges with thanks, an anonymous researcher working with iDefense for bringing this issue to our attention.

Permalink |

Multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment with processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges with thanks, the following researchers for bringing these issues to our attention:

CR 6854303: An anonymous researcher, working with the Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

CR 6862970: An anonymous researcher working with the iDefense VCP (http://labs.idefense.com/vcp/).

CR 6872357 and CR 6872358: Peter Vreugdenhil, working with the Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

CR 6872358, CR 6862969 and CR 6862968: regenrecht working with iDefense VCP (http://labs.idefense.com/vcp/).

CR 6874643: regenrecht working with Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

Permalink |

Permalink |

A security vulnerability in the Java Web Start Installer may be leveraged to allow an untrusted Java Web Start application to run as a trusted application and execute arbitrary code. This may occur when a user opens a specially crafted web page that exploits this vulnerability.

Sun acknowledges with thanks, Peter Csepely, working with the Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com/) for bringing this issue to our attention.

Permalink |