Affected Systems:
Sun JDK <= 5.0 Update 9
Sun JRE <= 5.0 Update 9
Sun JRE <= 1.4.2_14
Sun SDK <= 1.4.2_14
Unaffected Systems:
Sun JDK 5.0 Update 10
Sun JRE 5.0 Update 10
Sun JRE 1.4.2_15
Sun SDK 1.4.2_15
Description:
Sun's Java Runtime Environment (JRE) provides a reliable runtime environment for Java applications.
A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files, or to execute local applications that are accessible to the user running the untrusted applet.
<* Source: John Heasman (nisr@nextgenss.com)
Link: http://secunia.com/advisories/26402/
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103024-1
*>
Vendor patch:
Sun
---
Sun released a Security Bulletin (Sun-Alert-103024) and corresponding patches:
Sun-Alert-103024: Vulnerability in the Java Runtime Environment Font Parsing Code may Allow an Untrusted Applet to Elevate Privileges
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103024-1
Patch download:
http://java.sun.com/j2se/1.5.0/download.jsp
http://java.sun.com/j2se/1.4.2/download.html