
Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below.

Category: Windows
Risk factor: High
Added: 4 Dec 2008

Synopsis:
The remote Windows host contains a runtime environment that is affected by multiple vulnerabilities.

Description:
The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues:

- The JRE creates temporary files with insufficiently random names. (244986)
- Multiple buffer overflows in the JRE's image processing code, its handling of GIF images, and its font processing. (244987)
- Multiple vulnerabilities in Java Web Start and the Java Plug-in that may allow privilege escalation. (244988)
- A buffer overflow that may allow an untrusted Java application launched from the command line to escalate its privileges. (244990)
- A flaw in the deserialization of calendar objects that may allow an untrusted applet or application to escalate its privileges. (244991)
- The UTF-8 decoder accepts encodings longer than the 'shortest form'. Although not a vulnerability in itself, it may let an attacker bypass security checks in software that relies on the JRE's UTF-8 decoder to reject 'non-shortest form' byte sequences. (245246)
- An untrusted applet or application may be able to list the contents of the home directory of the user running it. (246266)
- A flaw that may be triggered while authenticating users through Kerberos, leading to a system-wide denial of service through excessive consumption of operating system resources. (246346)
- An untrusted applet or application parsing zip files may be able to read arbitrary memory locations in the process it is running in. (246386)
- The JRE allows code loaded from the local filesystem to access localhost. (246387)

See also:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1
http://java.sun.com/javase/6/webnotes/6u11.html
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html

Solution:
Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and, if necessary, remove any affected versions. Installing a newer family (for example JRE 6) does not upgrade or remove a JRE 5.0, 1.4.2 or 1.3.1 installation on the same host; those must be updated or uninstalled separately, or the host stays affected.

CVSS Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
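The version test implied by the description, as an added example in Python (not WatchMouse's or any scanner's own code): it parses a JRE version string or a `java -version` banner line, works out which release family it belongs to, and compares the update number with the fixed release for that family. The family table, the function names and the sample inventory are constructed for this example.

```python
"""Version check for the releases named in this advisory.

Added example, not WatchMouse scanner code. Sun's JRE reports its version
as 1.<major>.<micro>_<update>, so "JRE 6 Update 11" appears as "1.6.0_11".
"""
import re

# Fixed release per family, keyed by the first three version components.
# These four entries are the releases listed in the advisory.
FIXED_UPDATE = {
    (1, 6, 0): 11,   # JDK / JRE 6 Update 11
    (1, 5, 0): 17,   # JDK / JRE 5.0 Update 17
    (1, 4, 2): 19,   # SDK / JRE 1.4.2_19
    (1, 3, 1): 24,   # SDK / JRE 1.3.1_24
}

# Matches "1.6.0_11", "1.6.0_11-b03" and the version inside a
# 'java version "1.6.0_10"' banner line.
_VERSION_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_version(text):
    """Return (family, update) parsed from text, or None if no version found.

    family is a (major, minor, micro) tuple; a missing "_NN" suffix means
    the initial release of that family, i.e. update 0.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    family = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    update = int(m.group(4)) if m.group(4) is not None else 0
    return family, update


def assess(text):
    """Classify a version string against the advisory.

    Returns 'affected' if the family is listed and the update is older than
    the fixed one, 'fixed' if it is at or past the fixed update, and
    'not-covered' for families this advisory does not list (or no version).
    """
    parsed = parse_version(text)
    if parsed is None:
        return 'not-covered'
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return 'not-covered'
    return 'affected' if update < fixed else 'fixed'


def affected_installs(inventory):
    """Given {host: [version strings]}, return {host: [affected versions]}.

    A host with a fixed JRE 6 next to an old JRE 5.0 is still reported,
    which is why the advisory says to remove affected versions as well.
    """
    findings = {}
    for host, versions in inventory.items():
        hits = [v for v in versions if assess(v) == 'affected']
        if hits:
            findings[host] = hits
    return findings


# Constructed sample inventory (not real scan data).
SAMPLE_INVENTORY = {
    "ws01": ['java version "1.6.0_11"'],
    "ws02": ["1.6.0_11-b03", "1.5.0_16"],
    "ws03": ["1.4.2_18"],
    "ws04": ["1.3.1_24"],
}

if __name__ == "__main__":
    for host, hits in affected_installs(SAMPLE_INVENTORY).items():
        print(f"{host}: affected JRE versions {hits}")
```

On a Windows host the version strings would normally come from the JavaSoft registry keys or the output of each installed `java.exe -version`; the check itself is the same. Note that "not-covered" means only that this advisory says nothing about that family, not that the install is safe.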
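To show why a UTF-8 decoder that accepts non-shortest-form sequences (item 245246 above) is dangerous, the following added example (not code from Sun or from this page) implements a minimal decoder with a strict and a lenient mode, builds an overlong encoding of '/' and shows that a byte-level check for '/' passes while the lenient decode still yields '/'. The decoder, the `overlong_encode` helper and the `check_bypassed` filter are constructed for illustration and do not reproduce the JRE's decoder.

```python
"""Strict vs lenient UTF-8 decoding and the non-shortest-form problem.

Added example; this minimal decoder is written for illustration and is not
the JRE's decoder. RFC 3629 requires a decoder to reject "overlong"
sequences, i.e. a code point encoded with more bytes than it needs.
"""


def overlong_encode(cp, nbytes):
    """Encode code point cp using nbytes (2..4) even when fewer would do.

    Used here to build the non-shortest-form input; a compliant encoder
    never produces this.
    """
    lead = {2: 0xC0, 3: 0xE0, 4: 0xF0}[nbytes]
    out = [0] * nbytes
    for k in range(nbytes - 1, 0, -1):
        out[k] = 0x80 | (cp & 0x3F)
        cp >>= 6
    out[0] = lead | cp
    return bytes(out)


def decode_utf8(data, strict=True):
    """Decode bytes to str.

    strict=True  rejects overlong sequences (what a decoder must do).
    strict=False accepts them, mapping e.g. C0 AF to '/' (what a lenient
    decoder does, which is the behaviour advisory item 245246 describes).
    """
    out = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
            continue
        if 0xC0 <= b <= 0xDF:
            need, cp, smallest = 1, b & 0x1F, 0x80
        elif 0xE0 <= b <= 0xEF:
            need, cp, smallest = 2, b & 0x0F, 0x800
        elif 0xF0 <= b <= 0xF7:
            need, cp, smallest = 3, b & 0x07, 0x10000
        else:
            raise ValueError(f"invalid lead byte 0x{b:02X} at offset {i}")
        if i + need >= n:
            raise ValueError(f"truncated sequence at offset {i}")
        for k in range(1, need + 1):
            c = data[i + k]
            if c & 0xC0 != 0x80:
                raise ValueError(f"bad continuation byte 0x{c:02X} at offset {i + k}")
            cp = (cp << 6) | (c & 0x3F)
        # The shortest-form rule: a 2-byte sequence must encode >= U+0080, etc.
        if strict and cp < smallest:
            raise ValueError(f"overlong encoding of U+{cp:04X} at offset {i}")
        if cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            raise ValueError(f"invalid code point U+{cp:04X} at offset {i}")
        out.append(chr(cp))
        i += need + 1
    return "".join(out)


def check_bypassed(data):
    """True when a byte-level filter for '/' passes but a lenient decode of
    the same bytes still contains '/'.

    This is the pattern the advisory warns about: a check performed on the
    raw bytes that relies on the decoder to reject non-shortest forms.
    """
    if b"/" in data:
        return False                      # the byte filter would catch it
    return "/" in decode_utf8(data, strict=False)


def strict_rejects(data):
    """True if the strict decoder refuses the input."""
    try:
        decode_utf8(data, strict=True)
    except ValueError:
        return True
    return False


# Constructed sample: "../" with the slash in 2-byte non-shortest form.
SAMPLE = b".." + overlong_encode(ord("/"), 2)   # b'..\xc0\xaf'

if __name__ == "__main__":
    print(SAMPLE, repr(decode_utf8(SAMPLE, strict=False)), strict_rejects(SAMPLE))
```

The practical lesson is the one the advisory hints at: validate the decoded string, not the raw bytes, or make sure the decoder in the path is strict. Python's own `bytes.decode("utf-8")` raises `UnicodeDecodeError` on `b"\xc0\xaf"`, which is the behaviour the fixed JRE releases restore.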
