Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09

This host is installed with Sun Java JDK/JRE and is prone to Integer Overflow vulnerability.

Multiple flaws exist: - Integer overflow occurs in JRE while vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images. - Error in the Java Management Extensions (JMX) implementation which does not properly enforce OpenType checks. - Error in encoder which grants read access to private variables with unspecified names via an untrusted applet or application. - The plugin functionality does not properly implement version selection, which can be exploited by 'old zip and certificate handling' via unknown vectors. - Unspecified error in the 'javax.swing.plaf.synth.SynthContext.isSubregion' method in the Swing implementation which causes NullPointerException via unknown vectors. - Error in Java Web Start implementation which causes NullPointerException via a crafted '.jnlp' file.

Sun Java JDK/JRE version 6 before Update 15.

Upgrade to JDK/JRE version 6 Update 15.