Sun Java JDK / JRE Multiple Vulnerabilities
Secunia Advisory: SA36159
Release Date: 2009-08-05
Critical: Highly critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.4.x
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
1) An error in the JRE SOCKS proxy implementation can be exploited by untrusted applets or untrusted Java Web Start applications to obtain the username of the user running the applet or application.
2) An error in the JRE proxy mechanism implementation can be exploited by untrusted applets or untrusted Java Web Start applications to obtain browser cookies.
3) An error in the JRE proxy mechanism implementation can be exploited by untrusted applets or untrusted Java Web Start applications to establish connections to normally restricted hosts.
4) An error in the Microsoft Visual Studio Active Template Library (ATL) used by the Java Web Start ActiveX control can be exploited to execute arbitrary code when a user visits a specially crafted web page.
For more information:
5) An integer overflow error in JRE when unpacking applets and in Java Web Start applications using the "unpack200" JAR unpacking utility can be exploited to potentially execute arbitrary code.
6) An integer overflow error in JRE when parsing JPEG images can be exploited to potentially execute arbitrary code via a specially crafted Java Web Start application.
7) An error in the JRE audio system can be exploited by an untrusted applet or Java Web Start application to access "java.lang.System" properties.
8) An error in an old version of the JNLPAppletLauncher class can be exploited to write arbitrary files to a user's system via a specially crafted untrusted applet.
Please see the vendor advisories for details on affected products and versions.