THREAT OF THE MONTH: Sun/Oracle Java SE
A large number of vulnerabilities have been reported in Sun/Oracle Java SE, affecting JDK and JRE 6 Update 25 and earlier, JDK 5.0 Update 29 and earlier, and SDK 1.4.2_31 and earlier.
How does it work?
The critical vulnerabilities exist in various libraries and are of different classes. These range from a use-after-free error in the JP2IEXP.dll browser plug-in (when cloning the underlying DOM element) to multiple integer overflow errors in cmm.dll (when parsing various structures in color profiles) and a stack-based buffer overflow in jsound.dll within the “XExpandAiffIma()” function (when parsing IMA4 compressed soundbank streams).
Should I be worried?
Anyone with a vulnerable version installed should be very cautious when viewing web pages containing Java content.
How can I prevent it?
Oracle released updated versions in June, which can be installed to address the vulnerabilities.
From the August 2011 issue of SC Magazine.