In association with heise online

16 August 2007, 20:30

Crafted fonts undermine Java security


In an alert notification, Sun has announced a vulnerability in its Java Runtime Environment (JRE) that may allow an untrusted applet to elevate its system privileges and access local files, generate new files or execute local applications. The problem is caused by an unspecified vulnerability in the parsing code for fonts that are embedded in applets.

The Solaris, Windows and Linux versions of JDK and JRE 5.0 Update 9 and earlier, as well as SDK and JRE 1.4.2_14 and earlier, are all affected. JDK and JRE 6 and SDK and JRE 1.3.1_xx are not vulnerable. The issue was resolved in JDK and JRE 5.0 Update 10, which has been available for quite some time. For Java 1.4, the current versions of SDK and JRE 1.4.2_15 resolve the problem.
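The version ranges above can be checked against an inventory of installed runtimes. The following is an added example, not code from Sun or from this article; it assumes versions are recorded in the legacy `1.x.y_zz` form that `java -version` reports, and the function names, host names and sample inventory are constructed for illustration.

```python
import re

# Legacy Sun version strings: 1.<major>.<minor>[_<update>][-<build>], e.g. 1.5.0_09-b03.
_LEGACY = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?(?:-.*)?$")

# Highest affected update per release line, as stated in the article.
LAST_AFFECTED_UPDATE = {(5, 0): 9, (4, 2): 14}


def classify(version):
    """Map a JRE/JDK version string to the status the article gives it."""
    m = _LEGACY.match(version.strip())
    if not m:
        return "unparsed"
    major, minor = int(m.group(1)), int(m.group(2))
    update = int(m.group(3) or 0)  # "1.5.0" is the release with no update
    if major == 6 or (major, minor) == (3, 1):
        return "not vulnerable"
    last = LAST_AFFECTED_UPDATE.get((major, minor))
    if last is None:
        return "not listed"  # the article makes no statement about this line
    return "affected" if update <= last else "fixed"


def needs_update(inventory):
    """Return hosts to patch or review by hand, sorted by name."""
    flagged = {}
    for host, version in inventory.items():
        status = classify(version)
        if status in ("affected", "not listed", "unparsed"):
            flagged[host] = status
    return dict(sorted(flagged.items()))


# Constructed inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "build-01": "1.5.0_09-b03",
    "build-02": "1.5.0_10",
    "kiosk-07": "1.4.2_14",
    "kiosk-08": "1.4.2_15",
    "legacy-03": "1.3.1_20",
    "dev-11": "1.6.0_02",
    "lab-02": "1.4.1_07",
}

if __name__ == "__main__":
    for host, status in needs_update(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Release lines the article does not mention, such as 1.4.1, are reported as "not listed" rather than guessed at, so they surface for manual review.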
