Computer Security


Sun JRE / JDK multiple security vulnerabilities
Published: 01.06.2007
Source:
SecurityVulns ID: 7762
Type: library
Threat Level: 7/10
Description: Buffer and integer overflows in JPG and BMP processing, sandbox protection bypass with system classes.
Affected: SUN : JRE 1.5
 SUN : JDK 1.5
 SUN : JDK 1.6
 SUN : JRE 1.6
CVE: CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact.)
 CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file.)
 CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.)
Original document: GENTOO, [ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities (01.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod