The two flaws could be exploited remotely by hackers, with one resulting in the possible execution of code.
Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit, one of which could be used to take over a compromised system.
JDK (Java Development Kit) is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by FrSIRT (French Security Incident Response Team), a security research organization based in France.
One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers.
Security experts at Secunia outlined the dangers of the flaw in a separate advisory. "This can be exploited to crash the JVM and potentially allow the execution of arbitrary code by e.g. tricking an application using the JDK to process a malicious image file," Secunia security experts stated.
The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial of service. Both flaws affect Sun JDK version 1.x.
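Both flaws above are length-handling bugs in binary image parsers: an attacker-controlled count multiplied in 32-bit arithmetic (the ICC/JPEG integer overflow) and a malformed header that the parser trusts (the BMP crash). The following is an added illustration, not code from the JDK or from FrSIRT/Secunia: it parses a hypothetical, simplified header (a declared block size followed by an entry count, with 12-byte entries) and shows the naive size computation wrapping to zero next to a hardened parser that bounds the count by division before any multiplication. The header layout, the helper names (`parse_table_header`, `naive_table_bytes`, `demo_*`) and the sample inputs are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified, hypothetical image-metadata header used for illustration only:
 *   bytes 0-3 : declared total size of the block (big-endian)
 *   bytes 4-7 : number of 12-byte table entries that follow (big-endian)
 * This is not the real ICC/JPEG or BMP layout and not JDK code. */
#define HEADER_SIZE 8u
#define ENTRY_SIZE  12u

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void write_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* The pattern behind an integer-overflow bug: the table size is computed in
 * 32-bit arithmetic, so a large attacker-controlled count wraps to a small
 * (here zero) number and any allocation or bounds check built on it is wrong. */
uint32_t naive_table_bytes(uint32_t entry_count)
{
    return entry_count * ENTRY_SIZE;   /* wraps silently for large counts */
}

/* Hardened parser: every length field is checked against the bytes actually
 * present, and the multiplication is bounded by a division before it happens.
 * Returns 0 and sets *entry_count_out on success, -1 on rejection. */
int parse_table_header(const uint8_t *buf, size_t len, uint32_t *entry_count_out)
{
    if (buf == NULL || len < HEADER_SIZE)
        return -1;                       /* header truncated */

    uint32_t declared = read_be32(buf);
    uint32_t count    = read_be32(buf + 4);

    if (declared < HEADER_SIZE || declared > len)
        return -1;                       /* declared size does not match the data present */

    /* Same meaning as count * ENTRY_SIZE + HEADER_SIZE <= declared, but cannot overflow. */
    if (count > (declared - HEADER_SIZE) / ENTRY_SIZE)
        return -1;                       /* table would run past the buffer */

    *entry_count_out = count;
    return 0;
}

/* Constructed sample inputs (not real image data). */
static void build_sample(uint8_t *out, size_t total_len, uint32_t declared, uint32_t count)
{
    memset(out, 0, total_len);
    write_be32(out, declared);
    write_be32(out + 4, count);
}

/* A consistent header: 32 bytes = 8 header + 2 entries * 12. */
int demo_wellformed(void)
{
    uint8_t buf[32]; uint32_t n;
    build_sample(buf, sizeof buf, 32, 2);
    return parse_table_header(buf, sizeof buf, &n) == 0 ? (int)n : -1;
}

/* A count whose 32-bit product wraps to zero: naive code sees "0 bytes needed". */
int demo_overflowing_count(void)
{
    uint8_t buf[32]; uint32_t n;
    build_sample(buf, sizeof buf, 32, 0x40000000u);
    return parse_table_header(buf, sizeof buf, &n);
}

/* Declared size larger than the data delivered: a truncated or malformed file. */
int demo_truncated(void)
{
    uint8_t buf[32]; uint32_t n;
    build_sample(buf, sizeof buf, 64, 2);
    return parse_table_header(buf, sizeof buf, &n);
}

int main(void)
{
    printf("naive bytes for 0x40000000 entries: %u\n", naive_table_bytes(0x40000000u));
    printf("well-formed -> entries=%d\n", demo_wellformed());
    printf("overflowing count -> rc=%d\n", demo_overflowing_count());
    printf("truncated -> rc=%d\n", demo_truncated());
    return 0;
}
```

The division-based bound is the key defensive move: it rejects any count whose byte size could not fit inside the bytes the parser actually holds, so the multiplication that a naive parser performs never has a chance to wrap. The same check, applied to pixel dimensions and row strides, is what keeps a malformed BMP header from driving a parser into a crash.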
Users can address both vulnerabilities by upgrading to JDK version 1.5.0_11-b03 or 1.6.0_01-b06.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International