Sun Java JDK / JRE Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Sun Java, which could be exploited by attackers or malicious users to bypass security restrictions, disclose sensitive information, cause a denial of service, or take complete control of an affected system.

1. Due to JRE creating temporary files with insufficiently random names, which could allow malicious users to cause malicious JAR files to be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.

2. A buffer overflow errors in JRE when processing fonts or GIF images, which could allow attackers to execute arbitrary code via an untrusted applet or Java Web Start application.

3. An unspecified error in Java Runtime Environment (JRE), which may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from.

4. An error in JRE when launching Java Web Start applications, which may allow an untrusted Java Web Start application to escalate privileges.

5. An unspecified error in JRE, which could allow certain trusted operations to be performed, such as modifying system properties.

6. An unspecified error in JRE, which could allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application.

7. An unspecified error in Java Web Start and Java Plug-in, which may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.

8. An error with applet classloading in JRE, which may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.

9. An error in the Java Web Start BasicService, which could allow untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application.

10. An error in the JRE Java Update mechanism that does not check the digital signature of the JRE that it downloads, which may allow a malicious file to be downloaded and installed if the DNS information that the JRE uses when checking for updates is compromised.

11. An unspecified buffer overflow error in Java Runtime Environment (JRE), which may allow an untrusted Java application that is launched through the command line to escalate privileges.

12. An error in JRE related to deserializing calendar objects, which may allow an untrusted applet or application to escalate privileges.

13. A buffer overflow vulnerability in JRE when unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility, which may allow an untrusted applet or application to escalate privileges.

14. Due to the UTF-8 (Unicode Transformation Format-8) decoder in JRE accepting encodings that are longer than the "shortest" form, which may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences.

15. An unspecified error in JRE, which may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application.

16. An error in the way JRE handles certain RSA public keys, which may cause the JRE to consume an excessive amount of CPU resources, leading to a denial of service condition.

17. An error in JRE when authenticating users through Kerberos, which may lead to an excessive consumption of operating system resources.

18. An errors in the JAX-WS and JAXB packages in JRE where internal classes can be accessed, which may allow an untrusted applet or application to escalate privileges.

19. An error in JRE when parsing zip files, which may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in.

20. An error in JRE, which could allow code loaded from the local filesystem to access localhost and steal cookies or hijack sessions (for domains that map a name to the localhost).