The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 244987 Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges

Guest Author
Product: Java Platform, Standard Edition (Java SE)

Multiple buffer overflow vulnerabilities in the Java Runtime Environment (JRE) may allow an untrusted applet or Java Web Start application to elevate its privileges. They affect the JRE's image processing code (CR 6726779), its handling of GIF images (CR 6766136), and its font processing (CRs 6733336 and 6751322). For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, the following:

For CR 6726779:
An anonymous researcher working with Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com)

For CR 6733336:
Sebastian Apelt working with iDefense VCP (http://labs.idefense.com/vcp/)

For CR 6751322 and CR 6766136:
iDefense VCP (http://labs.idefense.com/vcp/)

State: Resolved
First released: 03-Dec-2008
