July 13th, 2007 - Adventures in Engineering — LiveJournal
The wanderings of a modern ronin.

Ben Cantrick
  Date: 2007-07-13 14:38
  Subject:   "Dangerous Java flaw threatens virtually everything."
Public
  Tags:  reddit, security

Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices.

"This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking. "Java runs on everything: cell phones, PDAs, and PCs. This is the problem when you have a vulnerability in something so modular - it affects so many different devices."

"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," said Gatford.


http://www.zdnetasia.com/news/security/0,39044215,62028389,00.htm?

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788


Write once - sploit anywhere! ;]

Well, we can always fall back and write everything in C++, right? Uh yeah, about that...