Critical Flaws Found in Java Development Kit

May 18, 2007

The two flaws could be exploited remotely by hackers, with one resulting in the possible execution of code.

Two remotely exploitable vulnerabilities have been found in the Java Development Kit, one of which could be used to take over an affected system.

JDK (Java Development Kit) is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by FrSIRT (French Security Incident Response Team), a security research organization based in France.

One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers.

Security experts at Secunia outlined the dangers of the flaw in a separate advisory. "This can be exploited to crash the JVM and potentially allow the execution of arbitrary code by e.g. tricking an application using the JDK to process a malicious image file," Secunia security experts stated.
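The advisories quoted here do not publish the faulty arithmetic, so the following is an added example of the bug class rather than code from the JDK or from either advisory: a strict pre-decode check that reassembles an ICC profile from a JPEG's APP2 segments and rejects size fields that could wrap in a fixed-width parser. It assumes the standard ICC layout (128-byte header, 32-bit tag count, 12-byte tag entries); the names `icc_chunks`, `check_icc` and `sample_jpeg` are hypothetical, and the sample file is constructed.

```python
import struct

ICC_SIG = b"ICC_PROFILE\x00"  # APP2 identifier used for embedded ICC data

def icc_chunks(jpeg):
    """Yield (seq, total, payload) for each APP2 ICC segment before the scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]  # counts its own 2 bytes
        end = pos + 2 + seglen
        if seglen < 2 or end > len(jpeg):
            raise ValueError("segment length runs past end of file")
        body = jpeg[pos + 4:end]
        if jpeg[pos + 1] == 0xE2 and body.startswith(ICC_SIG) and len(body) >= 14:
            yield body[12], body[13], body[14:]
        pos = end

def check_icc(jpeg):
    """Return the reassembled profile length, or raise ValueError."""
    chunks = sorted(icc_chunks(jpeg))
    if not chunks:
        raise ValueError("no ICC profile present")
    total = chunks[0][1]
    if [c[0] for c in chunks] != list(range(1, total + 1)) or any(c[1] != total for c in chunks):
        raise ValueError("inconsistent chunk numbering")
    prof = b"".join(c[2] for c in chunks)
    if len(prof) < 132:
        raise ValueError("profile shorter than header plus tag count")
    declared, count = struct.unpack(">I", prof[:4])[0], struct.unpack(">I", prof[128:132])[0]
    if declared != len(prof):
        raise ValueError("declared size %d != embedded bytes %d" % (declared, len(prof)))
    # Divide instead of multiplying: in a fixed-width parser count * 12 can wrap.
    if count > (len(prof) - 132) // 12:
        raise ValueError("tag table larger than profile")
    for i in range(count):
        _sig, off, size = struct.unpack(">4sII", prof[132 + 12 * i:144 + 12 * i])
        # Subtract instead of adding: off + size can wrap in 32-bit arithmetic.
        if off > len(prof) or size > len(prof) - off:
            raise ValueError("tag %d points outside profile" % i)
    return len(prof)

def sample_jpeg(declared=148, count=1, off=144, size=4):
    """Constructed test input: SOI, one APP2 ICC segment, EOI."""
    prof = struct.pack(">I", declared) + bytes(124) + struct.pack(">I", count)
    prof += struct.pack(">4sII", b"desc", off, size) + bytes(4)
    body = ICC_SIG + bytes([1, 1]) + prof
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

A check like this only narrows what reaches the decoder; the fix for the flaws described here remains the JDK upgrade.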

The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial of service. Both flaws affect Sun JDK version 1.x.

Users can address both vulnerabilities by upgrading to JDK version 1.5.0_11-b03 or 1.6.0_01-b06.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

