Vulnerability Note VU#138545
Java Runtime Environment Image Parsing Code buffer overflow vulnerability
The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files.
The Java Runtime Environment (JRE) is a group of software packages from Sun Microsystems that allow a computer to access and use Java applications. Sun distributes a JRE plug-in for web browsers that allows websites to include Java applications that can execute in the user's web browser. The JRE is part of the Java Development Kit (JDK).
The International Color Consortium (ICC) supports cross-platform color management systems. One of these systems is the ICC profile format.
Note that an attacker may be able to exploit this vulnerability by convincing a user to open a website that hosts a specially crafted Java applet.
A remote, unauthenticated attacker may be able to read or write files and execute code with the privileges of the user who is running the JRE.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Sun Microsystems, Inc. | Affected | - | 06 Jun 2007 |
Thanks to Sun for information that was used in this report. Sun thanks Chris Evans for reporting this vulnerability.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-2788
- Date Public: 04 Jun 2007
- Date First Published: 06 Jun 2007
- Date Last Updated: 16 Jul 2007
- Severity Metric: 12.39
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.