Critical Flaws Found in Java Development Kit

May 18, 2007

The two flaws could be exploited remotely by hackers, with one resulting in the possible execution of code.

Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit, one of which could be used to take over a compromised system.

JDK (Java Development Kit) is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by FrSIRT (French Security Incident Response Team), a security research organization based in France.

One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers.

Security experts at Secunia outlined the dangers of the flaw in a separate advisory. "This can be exploited to crash the JVM and potentially allow the execution of arbitrary code by e.g. tricking an application using the JDK to process a malicious image file," Secunia security experts stated.

The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial of service. Both flaws affect Sun JDK version 1.x.

Users can find an answer to both vulnerabilities by upgrading to JDK versions 1.5.0_11-b03 or 1.6.0_01-b06.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Software provides a clear overview in long documents

add to favorites email to friend print save as pdf

Related Stories

Which phone is most vulnerable to malware?

Apr 30, 2014

As each new computer virus attack or vulnerability comes to light, millions instinctively check their computer to see if their anti-malware application is up to date. This is a good idea and they are wise ...

Bringing the world reboot-less updates

Jan 24, 2014

It's an annoyance for the individual computer user: You've updated your operating system, and now you need to reboot. This is so the computer can switch to the modified source code.

Recommended for you

Samsung delays Tizen smartphone sales launch

24 minutes ago

Samsung Electronics said Monday it would postpone the roll-out of its new smartphone based on Tizen, a home-grown operating system aimed at breaking away from Google's Android system.

Chinese portal Sohu reports $45 million loss

3 hours ago

(AP)—Sohu.com Inc., operator of a popular Chinese Internet portal, said Monday it lost $45 million in the latest quarter while revenue rose 18 percent to $400 million.

Sapphire talk enlivens guesswork over iPhone 6

14 hours ago

Sapphire screens for the next iPhone? Sapphire is second only to diamond in hardness scratch-proof properties, used in making LEDs, missiles sensors, and on screens for luxury-tier phones. Last year, the ...

User comments : 0