Critical Java security flaw discovered

I haven’t seen a serious vulnerability in the JRE/JDK for a while, but I came across this one (via JavaWorld) which was discovered by an anonymous researcher working with the Zero Day Initiative. The vulnerability affects recent versions of the JDK and JRE (1.3, 1.4 and 1.5).

By loading a GIF image, and specifying a size of zero, a malicious applet can cause a buffer overflow and execute code remotely. Exploits are already publicly available.

Sunsolve has the instructions for how to address this issue.
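A check a defender could run on GIF files before they reach an unpatched JRE, as an added example that is not part of the original post: it walks the GIF block structure and reports any zero width or height. The post does not say which size field is involved, so checking both the logical screen and every image descriptor is an assumption here, and `sample_gif` builds constructed test input.

```python
import struct

class GifFormatError(ValueError):
    """The data is not a structurally valid GIF."""

def _skip_sub_blocks(data, pos):
    # Sub-blocks: a length byte, then that many bytes; a zero length ends the chain.
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise GifFormatError("truncated sub-block chain")

def _color_table_len(packed):
    # Bit 7 flags a color table; the low 3 bits n give 2^(n+1) RGB entries.
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

def find_zero_dimensions(data):
    """Return (location, width, height) for each dimension pair containing a zero."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifFormatError("not a GIF")
    findings = []
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    if width == 0 or height == 0:
        findings.append(("logical screen", width, height))
    pos = 13 + _color_table_len(packed)
    while pos < len(data):
        block = data[pos]
        if block == 0x3B:                      # trailer: end of stream
            return findings
        if block == 0x21:                      # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:                    # image descriptor for one frame
            if pos + 10 > len(data):
                raise GifFormatError("truncated image descriptor")
            _, _, w, h, ipacked = struct.unpack_from("<HHHHB", data, pos + 1)
            if w == 0 or h == 0:
                findings.append((f"image descriptor at offset {pos}", w, h))
            # Continue past the local color table, LZW code-size byte and pixel data.
            pos = _skip_sub_blocks(data, pos + 10 + _color_table_len(ipacked) + 1)
        else:
            raise GifFormatError(f"unknown block 0x{block:02x} at offset {pos}")
    raise GifFormatError("missing trailer")

def sample_gif(width, height):
    """Constructed one-frame GIF without color tables, for exercising the scanner."""
    return (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0)
            + b"\x02\x02\x4c\x01\x00" + b"\x3b")
```

A non-empty result or a `GifFormatError` is a reason to quarantine the file rather than hand it to an image decoder.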

