SupportConnect - eTrust Directory Web Components and JRE vulnerability
  

eTrust Directory
Web Components and JRE vulnerability

A vulnerability has been reported in the Sun Java Runtime Environment (JRE) which can be exploited by malicious people to compromise a vulnerable system. This vulnerability may be exploited in the JXplorer and JXweb components. DXserver and DXtools are not at risk.

The vulnerability is caused by an error in the processing of GIF images. A specially crafted GIF image with an image width of 0 can trigger a heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in the following versions:

  • JDK and JRE 5.0 Update 9 and prior.
  • SDK and JRE 1.4.2_12 and prior.
  • SDK and JRE 1.3.1_18 and prior.

Remedy:

  • If you are running JDK/JRE 5.0 Update 9 or prior, update to JDK/JRE 5.0 Update 10.

  • If you are running SDK/JRE 1.4.2_12 or prior, update to SDK/JRE 1.4.2_13.

  • If you are running SDK/JRE 1.3.1_18 or prior, update to SDK/JRE 1.3.1_19.
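The script below is an added example, not part of the original advisory or any CA tooling. It classifies the version string printed by `java -version` against the fixed releases in the Remedy list. The function names and sample strings are constructed for illustration, and it assumes Sun's numbering in which 5.0 Update 10 is reported as 1.5.0_10.

```python
import re

# Fixed releases from the Remedy list, keyed by release train (major, minor).
# Assumption: "5.0 Update 10" appears in `java -version` output as 1.5.0_10.
FIXED = {
    (1, 5): (1, 5, 0, 10),
    (1, 4): (1, 4, 2, 13),
    (1, 3): (1, 3, 1, 19),
}

# Matches 1.5.0_09, 1.4.2_12-b03, or 1.5.0 (no update suffix).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, minor, micro, update) from `java -version` output
    or a bare version string. A missing update number counts as 0."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no Java version found in %r" % text)
    return tuple(int(part) if part else 0 for part in match.groups())


def assess(text):
    """Classify a JRE as 'vulnerable', 'fixed', or 'not-listed'.

    'not-listed' means the release train is not one of the three the
    advisory names, so the advisory says nothing about it."""
    version = parse_java_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"
    # Tuple comparison: anything below the fixed release in its train,
    # including older micro releases such as 1.4.1_x, is "and prior".
    return "vulnerable" if version < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real hosts.
    samples = [
        'java version "1.5.0_09"',
        'java version "1.5.0_10"',
        'java version "1.4.2_12-b03"',
        'java version "1.3.1_19"',
    ]
    for line in samples:
        print("%-32s %s" % (line, assess(line)))
```

Run it against the JRE that JXplorer and JXweb actually use, which may differ from the first `java` on the system path.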

For more information, see: vulnerability in Sun JRE.

 
 
 