THREAT OF THE MONTH: Sun/Oracle Java SE

What is it?
A large number of vulnerabilities have been reported in Sun/Oracle Java SE, affecting JDK and JRE 6 Update 25 and earlier, JDK 5.0 Update 29 and earlier, and SDK 1.4.2_31 and earlier.

How does it work?
The critical vulnerabilities exist in various libraries and are of different classes. These range from a use-after-free error in the JP2IEXP.dll browser plug-in (when cloning the underlying DOM element) to multiple integer overflow errors in cmm.dll (when parsing various structures in color profiles) and a stack-based buffer overflow in jsound.dll within the “XExpandAiffIma()” function (when parsing IMA4 compressed soundbank streams).

Should I be worried?
Anyone with a vulnerable version installed should be very cautious when viewing web pages containing Java content.

How can I prevent it?
Oracle released updated versions in June, which can be installed to address the vulnerabilities.
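
A version check for the affected ranges listed above, as an added example that is not part of the original article: it parses the version token printed by `java -version` and compares the update number against the three thresholds. The function names, status labels and sample lines are assumptions made for illustration.

```python
import re

# Last affected update per release family, taken from the advisory text.
LAST_AFFECTED = {
    (1, 6, 0): 25,  # JDK and JRE 6 Update 25 and earlier
    (1, 5, 0): 29,  # JDK 5.0 Update 29 and earlier
    (1, 4, 2): 31,  # SDK 1.4.2_31 and earlier
}

# Legacy version token as printed by `java -version`, e.g. 1.6.0_25 or
# 1.6.0_25-b06. A missing "_NN" suffix is treated as update 0.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

# Constructed sample lines, not captured from real hosts.
SAMPLE_LINES = [
    'java version "1.6.0_25"',
    'Java(TM) SE Runtime Environment (build 1.6.0_26-b03)',
    'java version "1.5.0_22"',
    'java version "1.4.2"',
    'openjdk version "17.0.2"',
]


def parse_version(text):
    """Return ((major, minor, micro), update), or None if nothing matches."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    family = tuple(int(part) for part in m.group(1, 2, 3))
    return family, int(m.group(4) or 0)


def classify(text):
    """Return 'affected', 'newer', 'unlisted' or 'unparsed' for one line."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    limit = LAST_AFFECTED.get(family)
    if limit is None:
        return "unlisted"  # family not named in the advisory: review by hand
    return "affected" if update <= limit else "newer"


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(f"{classify(line):9} {line}")
```

A result of "newer" only means the update number is above the affected range given here; "unlisted" covers release families the advisory does not name and should be reviewed manually.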
 