Status Tracking Note TRTA07-022A

Sun Updates for Multiple Vulnerabilities in Java

Overview

The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Event Information

Date (UTC)    Description

2007-01-22 19:34 US-CERT
TA07-022A: Sun Updates for Multiple Vulnerabilities in Java
Via US-CERT Mailing List
The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

2007-01-21 Bugtraq
Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
Java GIF File Parsing Memory Corruption Vulnerability Proof Of Concept (CVE-2007-0243)
#Cid: JvmGifVulPoc.java
#Tested: Sun JRE 1.5

2007-01-10 US-CERT
Exploit Code Available for Multiple Vulnerabilities in Sun Java Runtime Environment
US-CERT is aware of publicly available exploit code for multiple vulnerabilities in Sun Java Runtime Environment (JRE).

2006-12-19 22:03
CESA-2005-008: Sun JDK sandbox escape via native code vulnerabilities
There are enough methods backed by native code that it is likely to take some time before they are all audited. Until this is done, untrusted applets and applications may not be run with any confidence.

2006-12-19 07:00 Sun Microsystems
102729: Security Vulnerabilities in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges and Execute Arbitrary Code
Two buffer overflow vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges.

2006-12-19 07:00 Sun Microsystems
102731: Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges
Two vulnerabilities related to serialization in the Java Runtime Environment may independently allow an untrusted applet or application to elevate its privileges.

2006-06-16 Zero Day Initiative (ZDI)
ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
Vulnerability Reported


Date first published (UTC): 2007-01-24T06:47+00:00
Date last updated (UTC): 2007-01-25T21:55+00:00