Sun Updates for Multiple Vulnerabilities in Java
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-022A.html
JVNRSS based Status Tracking Notes: The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
JVNRSS Feasibility Study Team | jvn@jvn.jp | TRTA07-022A | 2007-01-25T21:55+00:00 | 2007-01-24T06:47+00:00 | 2007-01-25T21:55+00:00

Sun Updates for Multiple Vulnerabilities in Java
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
Via US-CERT Mailing List
The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
US-CERT | TA07-022A | 2007-01-22T14:34-05:00 | 2007-01-22T14:34-05:00 | 2007-01-22T14:34-05:00

Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
http://www.securityfocus.com/bid
Java GIF File Parsing Memory Corruption Vulnerability Proof Of Concept (CVE-2007-0243)
#Cid: JvmGifVulPoc.java
#Tested: Sun JRE 1.5
Bugtraq | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243 | 2007-01-21 | 2007-01-21 | 2007-01-21

Exploit Code Available for Multiple Vulnerabilities in Sun Java Runtime Environment
http://www.us-cert.gov/current/archive/2007/01/10/archive.html#sunjpriv
US-CERT is aware of publicly available exploit code for multiple vulnerabilities in Sun Java Runtime Environment (JRE).
US-CERT | http://www.kb.cert.org/vuls/id/149457 | http://www.kb.cert.org/vuls/id/939609 | http://www.kb.cert.org/vuls/id/102289 | 2007-01-10 | 2007-01-10 | 2007-01-10

Sun JDK sandbox escape via native code vulnerabilities
http://scary.beasts.org/security/CESA-2005-008.txt
There are enough methods backed by native code that it is likely to take some time before they are all audited. Until this is done, untrusted applets and applications may not be run with any confidence.
CESA-2005-008 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731 | 2006-12-19T22:03+00:00 | 2006-12-19T22:03+00:00 | 2006-12-19T22:03+00:00

Security Vulnerabilities in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges and Execute Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
Two buffer overflow vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges.
Sun Microsystems | 102729 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731 | http://www.kb.cert.org/vuls/id/149457 | http://www.kb.cert.org/vuls/id/939609 | 2006-12-19T00:00-07:00 | 2006-12-19T00:00-07:00 | 2006-12-19T00:00-07:00

Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
Two vulnerabilities related to serialization in the Java Runtime Environment may independently allow an untrusted applet or application to elevate its privileges.
Sun Microsystems | 102731 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745 | http://www.kb.cert.org/vuls/id/102289 | 2006-12-19T00:00-07:00 | 2006-12-19T00:00-07:00 | 2006-12-19T00:00-07:00

Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
Vulnerability Reported
Zero Day Initiative (ZDI) | ZDI-07-005 | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243 | 2006-06-16 | 2006-06-16 | 2006-06-16