Thread-topic: [SA26402] Sun JRE Font Parsing Vulnerability
> Sun JRE Font Parsing Vulnerability
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> System access
> From remote
> Sun Java SDK 1.4.x
> Sun Java JRE 1.5.x / 5.x
> Sun Java JDK 1.5.x
> Sun Java JRE 1.4.x
> A vulnerability has been reported in Sun JRE, which can be exploited
> by malicious people to compromise a user's system.
> The vulnerability is caused due to an unspecified error in the
> parsing of fonts contained in Java applets. This can be exploited by
> malicious, untrusted applets to read and write local files, or to
> execute local applications.
> The vulnerability is reported in the following products:
> * JDK and JRE 5.0 Update 9 and earlier
> * SDK and JRE 1.4.2_14 and earlier
> SDK and JRE 1.3.1_xx are not affected by the vulnerability.
> Update to the latest versions or apply patches:
> JDK and JRE 5.0 Update 10 or later
> SDK and JRE 1.4.2_15 or later
> The latest J2SE 5.0 Update Release for Solaris is also available in
> the following patches:
> * J2SE 5.0: update 12 (as delivered in patch 118666-12)
> * J2SE 5.0: update 12 (as delivered in patch 118667-12 (64bit))
> * J2SE 5.0_x86: update 12 (as delivered in patch 118668-12)
> * J2SE 5.0_x86: update 12 (as delivered in patch 118669-12 (64bit))
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits John Heasman of NGSSoftware.
> ORIGINAL ADVISORY:
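
An added example, not part of the quoted advisory: a triage helper that classifies `java -version` banner strings against the affected and fixed releases listed above. It assumes that 5.0 Update N is reported as `1.5.0_NN`, reads "and earlier" as covering the whole 1.4.x and 1.5.x families, and uses constructed host names and banners.

```python
import re

# Legacy Sun version string, e.g. 'java version "1.5.0_09"' or '1.4.2_14-b05'.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

# Last affected release per family, taken from the advisory text.
LAST_AFFECTED = {
    (1, 5): (1, 5, 0, 9),    # JDK and JRE 5.0 Update 9 and earlier
    (1, 4): (1, 4, 2, 14),   # SDK and JRE 1.4.2_14 and earlier
}


def parse_version(text):
    """Return (major, minor, micro, update) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def classify(text):
    """Classify one version banner against the advisory's version ranges."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    if v[:3] == (1, 3, 1):           # advisory: 1.3.1_xx is not affected
        return "not-affected"
    last = LAST_AFFECTED.get(v[:2])
    if last is None:                 # family the advisory does not mention
        return "not-listed"
    return "affected" if v <= last else "fixed"


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "build-01": 'java version "1.5.0_09"',
    "build-02": 'java version "1.5.0_12"',
    "legacy-app": 'java version "1.4.2_14"',
    "kiosk-07": 'java version "1.3.1_20"',
}


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparsed` need manual review, since the advisory makes no statement about those versions.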