Friday, May 18, 2007

Critical Flaws in JDK

FrSIRT.com (French Security Incident Response Team), a security research organization based in France, found two vulnerabilities in Sun's Java Development Kit (JDK) 1.x that could be exploited by remote attackers to take complete control of an affected system or to cause a denial of service. The JDK (Java Development Kit) is the software development toolkit made by Sun Microsystems for Java developers. FrSIRT rated both vulnerabilities "critical".

The first issue is an integer overflow in the image parser when it processes ICC profiles embedded in JPEG images; it could be exploited by attackers to execute arbitrary code. The second is an error in the BMP image parser when it processes malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial of service. Read the full advisories here.
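The advisory does not publish the affected code, so the following is an added illustration (not Sun's parser, not from FrSIRT's advisory) of the bug class it names: a bounds check on an ICC tag entry where `offset + size` is computed in 32 bits and wraps. The buffer layout mirrors the ICC tag table (128-byte header, a tag count, then 12-byte entries of signature, offset and size, all big-endian); the sample profile, the tag names and the two checker functions are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ICC_HEADER_LEN 128   /* the ICC profile header is 128 bytes */
#define TAG_ENTRY_LEN   12   /* tag-table entry: signature, offset, size (4 bytes each) */

/* ICC stores all integers big-endian. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put32(unsigned char *p, size_t at, uint32_t v)
{
    p[at]     = (unsigned char)(v >> 24);
    p[at + 1] = (unsigned char)(v >> 16);
    p[at + 2] = (unsigned char)(v >> 8);
    p[at + 3] = (unsigned char)v;
}

/* Bug pattern: offset + size is evaluated in 32 bits and can wrap to a small
 * value, so an entry that points far past the buffer still passes the check. */
int tag_in_bounds_unsafe(uint32_t offset, uint32_t size, uint32_t total)
{
    uint32_t end = offset + size;   /* wraps modulo 2^32 for large inputs */
    return end <= total;
}

/* Hardened form: rearranged so that no intermediate result can overflow. */
int tag_in_bounds_safe(uint32_t offset, uint32_t size, uint32_t total)
{
    return size <= total && offset <= total - size;
}

typedef int (*bounds_fn)(uint32_t, uint32_t, uint32_t);

/* Walk the tag table of a profile held in buf[0..len) and count the entries the
 * supplied bounds check accepts. Returns -1 if the table itself does not fit. */
int count_accepted_tags(const unsigned char *buf, size_t len, bounds_fn check)
{
    if (len < ICC_HEADER_LEN + 4 || len > UINT32_MAX)
        return -1;
    uint32_t total = (uint32_t)len;
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Validate the table size by division: count * 12 could itself overflow. */
    if (count > (total - ICC_HEADER_LEN - 4) / TAG_ENTRY_LEN)
        return -1;
    int accepted = 0;
    for (uint32_t i = 0; i < count; i++) {
        const unsigned char *e = buf + ICC_HEADER_LEN + 4 + (size_t)i * TAG_ENTRY_LEN;
        uint32_t offset = be32(e + 4);
        uint32_t size   = be32(e + 8);
        if (check(offset, size, total))
            accepted++;
    }
    return accepted;
}

/* Constructed sample: header, two tag entries, 32 bytes of tag data (188 bytes).
 * Tag 0 fits exactly; tag 1's offset + size wraps to 0x10 in 32-bit arithmetic. */
size_t build_sample(unsigned char *out, size_t cap)
{
    size_t len = ICC_HEADER_LEN + 4 + 2 * TAG_ENTRY_LEN + 32;
    if (cap < len)
        return 0;
    memset(out, 0, len);
    put32(out, 0, (uint32_t)len);    /* profile size field */
    put32(out, ICC_HEADER_LEN, 2);   /* tag count */
    unsigned char *t = out + ICC_HEADER_LEN + 4;
    memcpy(t, "desc", 4);      put32(t, 4, 156);              put32(t, 8, 32);
    memcpy(t + 12, "wtpt", 4); put32(t + 12, 4, 0xFFFFFFF0u); put32(t + 12, 8, 0x20);
    return len;
}

/* Run the sample through one checker. */
int accepted_with(bounds_fn check)
{
    unsigned char buf[256];
    size_t n = build_sample(buf, sizeof buf);
    return count_accepted_tags(buf, n, check);
}

int main(void)
{
    printf("unsafe check accepts %d of 2 tags\n", accepted_with(tag_in_bounds_unsafe)); /* 2 */
    printf("safe check accepts   %d of 2 tags\n", accepted_with(tag_in_bounds_safe));   /* 1 */
    return 0;
}
```

The wrapped entry is accepted by the unsafe check, and any later read of `size` bytes at `offset` would go out of bounds; the safe form rejects it because the comparison is done against `total - size`, which cannot overflow once `size <= total` holds. The same division-instead-of-multiplication guard on the tag count closes the second common overflow in table-driven parsers.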

As a solution, upgrade to JDK version 1.5.0_11-b03 or 1.6.0_01-b06.
