New flaw identified in JRE

Jan 17, 2007 07:10 GMT  ·  By

Java Runtime Environment is one of the most widely used internet utilities because it lets you develop powerful applications, as well as attractive animations and website add-ons to place on your webpage. If a website contains Java-compatible elements, the visitor must install JRE to be able to view the webpage's components. Because many pages are based on Java Runtime Environment, a lot of users have already installed this utility.

Because I'm sure you also have Java installed, you should know that Sun Microsystems recently confirmed a vulnerability in its development platform, saying that the product contains a security flaw that is triggered when it tries to process GIF images. The company added that the affected versions of the product are JDK and JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier.

"This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java Virtual Machine (JVM). User interaction is required to exploit this vulnerability in that the target must visit a malicious website. The specific flaw exists during the parsing of GIF image components. When the image width in an image block of a valid GIF file is set to 0, the Java runtime will allocate the specified size but subsequently copy all data to the under allocated memory chunk. The overflow results in the corruption of multiple pointers, at least one of which is later dereferenced and can therefore result in execution of arbitrary code," Zero Day Initiative said about the flaw.
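The condition in the advisory quoted above (an image block whose width field is 0) can be checked before a GIF ever reaches a decoder. The following is an added example, not code from Sun, Zero Day Initiative or the article: the function names are hypothetical, the sample file is constructed, and the check is extended to a zero height as well as the zero width the advisory names.

```python
import struct

def _skip_sub_blocks(data, pos):
    # Walk a chain of length-prefixed sub-blocks; return the offset after the 0x00 terminator.
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def zero_dimension_frames(data):
    # Return [(frame_index, width, height)] for every image block with a zero dimension.
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    if len(data) < 13:
        raise ValueError("truncated logical screen descriptor")
    pos = 13                                    # 6-byte header + 7-byte screen descriptor
    if data[10] & 0x80:                         # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    findings, frame = [], 0
    while pos < len(data):
        marker = data[pos]
        pos += 1
        if marker == 0x3B:                      # trailer: end of stream
            break
        elif marker == 0x21:                    # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif marker == 0x2C:                    # image descriptor
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            _left, _top, width, height, packed = struct.unpack_from("<4HB", data, pos)
            if width == 0 or height == 0:
                findings.append((frame, width, height))
            pos += 9
            if packed & 0x80:                   # local color table present
                pos += 3 * (2 << (packed & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1 skips the LZW minimum code size
            frame += 1
        else:
            raise ValueError(f"unknown block marker 0x{marker:02x}")
    return findings

def sample_gif(width):
    # Constructed single-frame GIF (1x1 screen, 2-color table) with a chosen frame width.
    screen = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00" * 3 + b"\xff" * 3
    frame = b"\x2c" + struct.pack("<4HB", 0, 0, width, 1, 0) + b"\x02\x02\x44\x01\x00"
    return screen + frame + b"\x3b"
```

A mail or web gateway could call `zero_dimension_frames()` on inbound GIFs and reject any file that returns a non-empty list or raises `ValueError`.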

Sun Microsystems also mentioned that the solution to this vulnerability is to update to the latest version of JRE. Softpedia also tested JRE, and it is available as a free download HERE.