MA-187.082009: MyCERT Alert - Multiple Critical Vulnerabilities in Sun Java Runtime Environment and Java Development Kit

1.0 Introduction

Multiple critical vulnerabilities have been identified in Sun Java Runtime Environment and Java Development Kit. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. The list of the vulnerabilities is as follows:

- Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability
- Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

2.0 Impact

An attacker who successfully exploits these vulnerabilities, for example by tricking a user into visiting a website hosting a malicious Java applet, could execute code remotely and gain the same privileges as the user.

3.0 Affected Products

- Sun Java JDK 1.5.0_20 and earlier versions
- Sun Java JDK 1.6.0_14 and earlier versions
- Sun Java JRE 1.4.2_22 and earlier versions
- Sun Java JRE 1.5.0_20 and earlier versions
- Sun Java JRE 1.6.0_14 and earlier versions
- Sun Java SDK 1.4.2_15 and earlier versions
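
The affected-version list above can be turned into an inventory check. The following is an added example, not part of the MyCERT alert: it assumes "earlier versions" means earlier updates within the same release family, that the product type (JDK, JRE or SDK) is known from the inventory, and that the hostnames and sample records are constructed.

```python
import re

# Highest affected update per (product, family), copied from section 3.0.
LAST_AFFECTED = {
    ("JDK", "1.5.0"): 20, ("JDK", "1.6.0"): 14,
    ("JRE", "1.4.2"): 22, ("JRE", "1.5.0"): 20, ("JRE", "1.6.0"): 14,
    ("SDK", "1.4.2"): 15,
}

# Matches "1.6.0_14", also inside 'java version "1.6.0_14"' or "1.6.0_14-b08".
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (family, update); a missing _NN suffix means update 0."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no Java version string in %r" % text)
    return m.group(1), int(m.group(2) or 0)


def classify(product, text):
    """Return 'affected', 'not affected', or 'not listed' when the
    advisory does not mention this product/family combination."""
    family, update = parse_version(text)
    limit = LAST_AFFECTED.get((product.upper(), family))
    if limit is None:
        return "not listed"
    return "affected" if update <= limit else "not affected"


def audit(inventory):
    """Return the hosts whose recorded Java install is in the affected range."""
    return [host for host, product, line in inventory
            if classify(product, line) == "affected"]


# Constructed sample inventory: (host, product, first line of `java -version`).
SAMPLE = [
    ("ws-01", "JRE", 'java version "1.6.0_14"'),
    ("ws-02", "JRE", 'java version "1.6.0_15"'),
    ("build-01", "JDK", 'java version "1.5.0_20"'),
    ("legacy-01", "SDK", 'java version "1.4.2_16"'),
    ("lab-01", "JRE", 'java version "1.7.0_01"'),
]

if __name__ == "__main__":
    for host, product, line in SAMPLE:
        print(host, product, classify(product, line))
```

Hosts reported as "not listed" fall outside the families named in the alert and need a separate check against the vendor's announcements.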

4.0 Recommendation

Users are advised to upgrade to the latest update released for the specific version in use. Users can obtain the update from the following URL:

http://java.sun.com/products/archive/

Mac OS users can obtain the update from the following URL:

http://support.apple.com/downloads/

Generally, MyCERT advises users of this product to keep up to date with the latest security announcements from the vendor. Users who receive suspicious applets or URLs can forward them to MyCERT for further analysis.

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

5.0 References