Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Win)

Summary
This host is installed with Sun Java JDK/JRE and is prone to Multiple Vulnerabilities.
Impact
Successful exploitation allows remote attacker to execute arbitrary code, gain escalated privileges, bypass security restrictions and cause denial of service attacks inside the context of the affected system. Impact Level: System/Application.
Solution
Upgrade to JDK/JRE version 6 Update 17 or later. http://java.sun.com/javase/downloads/index.jsp OR Upgrade to JDK/JRE version 5 Update 22 http://java.sun.com/javase/downloads/index_jdk5.jsp OR Upgrade to JDK/JRE version 1.4.2_24 http://java.sun.com/j2se/1.4.2/download.html OR Upgrade to JDK/JRE version 1.3.1_27 http://java.sun.com/j2se/1.3/download.html
Insight
Multiple flaws occur due to, - Error when decoding 'DER' encoded data and parsing HTTP headers. - Error when verifying 'HMAC' digests. - Interger overflow error in the 'JPEG JFIF' Decoder while processing malicious image files. - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()' functions in the Abstract Window Toolkit (AWT). - Unspecified error due to improper parsing of color profiles of images. - A buffer overflow error due to improper implementation of the 'HsbParser.getSoundBank()' function. - Three unspecified errors when processing audio or image files.
Affected
Sun Java JDK/JRE 6 prior to 6 Update 17 Sun Java JDK/JRE 5 prior to 5 Update 22 Sun Java JDK/JRE 1.4.x prior to 1.4.2_24 Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Windows.
References