Sun Java SE Multiple Vulnerabilities - Nov09 (Win)

Summary
Sun Java SE is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows a remote attacker to execute arbitrary code, gain escalated privileges, bypass security restrictions and cause a denial of service in the context of the affected system.
Impact Level: System/Application.
Solution
Upgrade to JRE version 6 Update 17 or later:
http://java.sun.com/javase/downloads/index.jsp
OR
Upgrade to JRE version 5 Update 22:
http://java.sun.com/javase/downloads/index_jdk5.jsp
Insight
Multiple flaws occur due to:
- Directory traversal vulnerability in the 'ICC_Profile.getInstance' method.
- Unspecified error in TrueType font parsing functionality.
- When a non-English version of Windows is used, the Java Update functionality does not retrieve available new JRE versions.
- Failure to clone arrays that are returned by the 'getConfigurations()' function in X11 and Win32GraphicsDevice.
- The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers.
- Information leak occurs as the application does not prevent the existence of children of a resurrected ClassLoader.
- Multiple unspecified errors in the Swing implementation.
- The 'TimeZone.getTimeZone' method allows users to probe for the existence of local files via vectors related to handling of zoneinfo.
- Error during parsing of BMP files containing UNC ICC links.
Affected
Sun Java SE 6 prior to 6 Update 17 and Sun Java SE 5 prior to 5 Update 22, on Windows.
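
A check of installed JRE version strings against the fixed releases named above, as an added example that is not part of the original advisory or of the scanner's own detection code. The accepted version-string formats and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed-in update numbers taken from the advisory text:
# Java SE 6 is fixed in Update 17, Java SE 5 in Update 22.
FIXED_UPDATE = {6: 17, 5: 22}

# Assumed input formats (constructed for this example):
#   "1.6.0_16", "1.5.0_21-b01", "1.6.0" (no update), "6u16", "6 Update 16"
_LEGACY = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?(?:-[\w.]+)?$")
_SHORT = re.compile(r"^(\d+)(?:\s*(?:u|update)\s*(\d+))?$", re.IGNORECASE)


def parse_jre_version(text):
    """Return (family, update), e.g. (6, 16); raise ValueError if unparseable."""
    text = text.strip()
    m = _LEGACY.match(text)
    if m:
        return int(m.group(1)), int(m.group(3) or 0)
    m = _SHORT.match(text)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    raise ValueError(f"unrecognised JRE version string: {text!r}")


def is_affected(text):
    """True if the version is in a range the advisory lists as affected."""
    family, update = parse_jre_version(text)
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return False  # family not covered by this advisory
    # Compare update numbers as integers: as strings, "9" sorts after "17"
    # and Update 9 would be misreported as already fixed.
    return update < fixed


def audit(inventory):
    """Map each host to the affected JRE versions found on it (hosts with none omitted)."""
    report = {}
    for host, versions in inventory.items():
        hits = [v for v in versions if is_affected(v)]
        if hits:
            report[host] = hits
    return report


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> JRE versions found installed.
    sample = {"ws-01": ["1.6.0_16", "1.5.0_22"], "ws-02": ["1.6.0_17"], "ws-03": ["6u9"]}
    print(audit(sample))
```

A host can carry several JRE installations side by side, so the audit evaluates every version found rather than only the newest.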