Sun Java

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x?before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to gain privileges via a crafted image file,
aka Bug Id 6862969. Sun Java SE in JDK and JRE 5.0 before Update 22,
JDK and JRE 6 before Update 17, SDK and?JRE 1.3.x before 1.3.1_27, and
SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color
profiles, which allows remote attackers to gain privileges via a
crafted image file.

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x?before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to gain privileges via a crafted image file,
aka Bug Id 6862969. Sun Java SE in JDK and JRE 5.0 before Update 22,
JDK and JRE 6 before Update 17, SDK and?JRE 1.3.x before 1.3.1_27, and
SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color
profiles, which allows remote attackers to gain privileges via a
crafted image file.

Suggested articles

Slideshow: Scenes from Black Hat USA 2013

Scenes from this year’s hacking conference in Las Vegas, Nev. include a keynote by General Keith B. Alexander, Director of the National Security Agency and talks by researchers Karsten Nohl and Ralf-Phillip Weinmann.

Ryan McGeehan and Chad Greene

More from CanSecWest 2013

Pwn2Own, Pwnium Attract Dollars and 0-Days by the BushelGroundbreaking Cyber Fast Track Research Program EndingAt Pwn2Own, Browser Exploits Gett

Ryan McGeehan and Chad Greene

Ryan McGeehan, the director of incident response at Facebook and Chad Greene, the manager of the Facebook CERT on Thursday both explained how the social network has planned red team exercises in the past to prepare the company’s security team for a real attack.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.