A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system.
The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operating systems. When a GIF image with a specified width of 0 is processed, the Sun JRE will overwrite memory contents, which can cause pointer corruption.
Note that exploit code for this vulnerability is publicly available.
A remote unauthenticated attacker may be able to execute arbitrary code.
Apply an update
Sun Microsystems, Inc.
Apple Computer, Inc.
Thanks to ZDI for reporting this vulnerability, who in turn credit an anonymous researcher.
This document was written by Will Dormann.
|Date First Published:||2007-01-17|
|Date Last Updated:||2007-05-16 18:57 UTC|