The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files.
The Java Runtime Environment (JRE) is a group of software packages from Sun Microsystems that allows a computer to access and use Java applications. Sun distributes a JRE plug-in for web browsers that allows websites to include Java applications that can execute in the user's web browser. The JRE is part of the Java Development Kit (JDK).
The International Color Consortium (ICC) supports cross-platform color management systems. One of these systems is the ICC profile format.
A remote, unauthenticated attacker may be able to read or write files and execute code with the privileges of the user who is running the JRE.
Sun Microsystems, Inc.
Thanks to Sun for information that was used in this report. Sun thanks Chris Evans for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:|2007-06-06|
|Date Last Updated:|2007-07-16 22:21 UTC|