Crafted fonts undermine Java security
In an alert notification, Sun has announced a vulnerability in its Java Runtime Environment (JRE) that may allow an untrusted applet to elevate its system privileges and access local files, generate new files or execute local applications. The problem is caused by an unspecified vulnerability in the parsing code for fonts that are embedded in applets.
The Solaris, Windows and Linux versions of JDK and JRE 5.0 Update 9 and earlier, as well as SDK and JRE 1.4.2_14 and earlier, are all affected. JDK and JRE 6 and SDK and JRE 1.3.1_xx are not vulnerable. The issue was resolved in JDK and JRE 5.0 Update 10, which has been available for quite some time. For Java 1.4, the current SDK and JRE version, 1.4.2_15, resolves the problem.
- Vulnerability in the Java Runtime Environment Font Parsing Code may Allow an Untrusted Applet to Elevate Privileges, Sun alert notification