[security-alerts] FW: [SA22910] Sun Java JRE Swing Library Applet Security Bypass

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Sun Java JRE Swing Library Applet Security Bypass
> 
> SECUNIA ADVISORY ID:
> SA22910
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22910/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Sun Java JRE 1.5.x / 5.x
> http://secunia.com/product/4228/
> Sun Java JDK 1.5.x
> http://secunia.com/product/4621/
> 
> DESCRIPTION:
> A vulnerability has been reported in Sun Java JRE, which can be
> exploited by malicious people to bypass certain security
> restrictions.
> 
> The vulnerability is caused due to an unspecified error in the Java
> Runtime Environment Swing library and may allow a malicious,
> untrusted applet to access data in other applets.
> 
> The vulnerability is reported in JDK and JRE 5.0 Update 7 and
> earlier.
> 
> Note: SDK and JRE 1.4.2_xx and earlier, and 1.3.1_xx and earlier are
> not affected.
> 
> SOLUTION:
> Update to JDK and JRE 5.0 Update 8 or later.
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Tom Hawtin.
> 
> ORIGINAL ADVISORY:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
>