Carsten Eiram, chief security specialist, Secunia
August 01, 2011
Threat of the month

THREAT OF THE MONTH: Sun/Oracle Java SE

What is it?
A large number of vulnerabilities are reported in Sun/Oracle Java SE, which affect JDK and JRE 6 Update 25 and earlier, JDK 5.0 Update 29 and earlier and SDK 1.4.2_31 and earlier.

How does it work?
The critical vulnerabilities exist in various libraries and are of different classes. These range from a use-after-free error in the JP2IEXP.dll browser plug-in (when cloning the underlying DOM element) to multiple integer overflow errors in cmm.dll (when parsing various structures in color profiles) and a stack-based buffer overflow in jsound.dll within the “XExpandAiffIma()” function (when parsing IMA4 compressed soundbank streams).

Should I be worried?
Anyone with a vulnerable version installed should be very cautious when viewing web pages containing Java content.

How can I prevent it?
Oracle released updated versions in June, which can be installed to address the vulnerabilities.
 
From the August 2011 Issue of SCMagazine »
Related Articles
close

Next Article in Research

Sign up for our newsletters

POLL

More in Research

Mobile security

Mobile security

BYOD has enhanced productivity, but increased security concerns.

Virtualization

Virtualization

Although the promise of reduced costs has appealed to many enterprises looking to migrate legacy network systems to virtualization, security experts warn that the move must not trump careful contemplation ...

Application security

Application security

The threats to applications are evolving beyond the simple notion of "find exploit, access system, steal current data."