Critical Flaws Found in Java Development Kit
May 18, 2007The two flaws could be exploited remotely by hackers, with one resulting in the possible execution of code.
Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit, one of which could be used to take over a compromised system.
JDK (Java Development Kit) is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by FrSIRT (French Security Incident Response Team), a security research organization based in France.
One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers.
Security experts at Secunia outlined the dangers of the flaw in a separate advisory. "This can be exploited to crash the JVM and potentially allow the execution of arbitrary code by e.g. tricking an application using the JDK to process a malicious image file," Secunia security experts stated.
The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial of service. Both flaws affect Sun JDK version 1.x.
Users can find an answer to both vulnerabilities by upgrading to JDK versions 1.5.0_11-b03 or 1.6.0_01-b06.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
-
Engineers build first sub-10-nm carbon nanotube transistor
Feb 01, 2012 |
4.9 / 5 (31) |
30
-
Something old, something new: Evolution and the structural divergence of duplicate genes
Jan 31, 2012 |
4.6 / 5 (7) |
1
-
The hidden nanoworld of ice crystals: Revealing the dynamic behavior of quasi-liquid layers
Jan 30, 2012 |
5 / 5 (3) |
1
-
Stock market network reveals investor clustering
Jan 27, 2012 |
3.9 / 5 (23) |
8
-
Of microchemistry and molecules: Electronic microfluidic device synthesizes biocompatible probes
Jan 26, 2012 |
5 / 5 (1) |
0
-
Need help reading 3-D
2 hours ago
-
A way to send and receive wireless data
8 hours ago
-
Tabletop Cold Fusion Reactor
9 hours ago
-
Calling function with no input argument
Feb 10, 2012
-
Force free body diagram problem on gym equipment
Feb 10, 2012
-
Empirical data regarding shower heads and water
Feb 10, 2012
- More from Physics Forums - General Engineering
More news stories
Walney offshore wind farm is world's biggest (for now)
(PhysOrg.com) -- The Walney wind farm on the Irish Sea--characterized by high tides, waves and windy weather--officially opened this week. The farm is treated in the press as a very big deal as the Walney ...
Technology / Energy & Green Tech
10 hours ago |
3.8 / 5 (9) |
25
|
GPS court ruling leaves US phone tracking unclear
A US Supreme Court decision requiring a warrant to place a GPS device on the car of a criminal suspect leaves unresolved the bigger issue of police tracking using mobile phones, legal experts say.
11 hours ago |
4 / 5 (2) |
0
Europeans protest controversial Internet pact
Tens of thousands of people marched in protests in more than a dozen European cities Saturday against a controversial anti-online piracy pact that critics say could curtail Internet freedom.
7 hours ago |
5 / 5 (5) |
0
Netflix settlement trims 14 pct off 4Q earnings
(AP) -- Netflix pressed the rewind button on its fourth-quarter earnings after settling allegations that the video subscription service violated a consumer-privacy law.
11 hours ago |
not rated yet |
0
Navy to begin tests on electromagnetic railgun prototype launcher
The Office of Naval Research (ONR)'s Electromagnetic (EM) Railgun program will take an important step forward in the coming weeks when the first industry railgun prototype launcher is tested at a facility ...
Feb 06, 2012 |
4.6 / 5 (14) |
88
|
Europe stakes billion-dollar bet on new rocket
A pencil-slim rocket is scheduled to lift into space from South America on Monday, carrying a billion-dollar bet that Europe can grab a juicy slice of the market to place satellites in low orbit.
Study finds that anti-diabetic medication can prevent the long-term effects of maternal obesity
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that show that short therapy with the anti-diabetic medication ...
Steroid injections prove effective in treatment of lumbar disc herniations
The use of epidural steroid injections may be a more efficient treatment option for lumbar disc herniations, according to research presented today at the American Orthopaedic Society for Sports Medicine's Specialty Day in ...
Amateur football players not always keen on returning to play after ACL injuries
Despite the known success rates of reconstructive Anterior Cruciate Ligament (ACL) surgery, the number of high school and collegiate football players returning to play may not be as high as anticipated, say researchers presenting ...
Study finds elevated levels of cell-free DNA in first trimester do not predict preeclampsia
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that indicate that elevated levels of cell-free DNA in ...
PRP treatment aids healing of elbow injuries say researchers
As elbow injuries continue to rise, especially in pitchers, procedures to help treat and get players back in the game quickly have been difficult to come by. However, a newer treatment called platelet rich plasma (PRP) may ...
