Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09

Summary
This host is installed with Sun Java JDK/JRE and is prone to Integer Overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to gain sensitive information, and can cause Denial of Service in the context of the affected system. Impact Level: System/Application
Solution
Upgrade to JDK/JRE version 6 Update 15 http://java.sun.com/javase/downloads/index.jsp or Apply the patch from below link, http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****
Insight
- Integer overflow occurs in JRE while vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images. - Error in the Java Management Extensions (JMX) implementation which does not properly enforce OpenType checks. - Error in encoder which grants read access to private variables with unspecified names via an untrusted applet or application. - The plugin functionality does not properly implement version selection, which can be exploited by 'old zip and certificate handling' via unknown vectors. - Unspecified error in the 'javax.swing.plaf.synth.SynthContext.isSubregion' method in the Swing implementation which causes NullPointerException via unknown vectors. - Error in Java Web Start implementation which causes NullPointerException via a crafted '.jnlp' file.
Affected
Sun Java JDK/JRE version 6 before Update 15.
References