« Sun Alert 103079... | Main | Sun Alert 102964... »
23 Oct 2007 Sun Alert 102934 Security Vulnerabilities in the Java Runtime Environment Image Parsing Code May Allow a Untrusted Applet to Elevate Privileges
posted by security in Alerts
Product: Java 2 Platform, Standard Edition

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

Sun acknowledges, with thanks, Chris Evans of the Google Security Team, for bringing these issues to our attention.

These issues are also referenced in the following documents:

CVE-2007-2788 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788

CVE-2007-2789 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

Avoidance: Patch, Upgrade
State: Resolved
First released: 31-May-2007
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
Permalink | Comments [0]
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_102934_security_vulnerabilities
Comments:

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed

« Sun Alert 103079... | Main | Sun Alert 102964... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.