TUCoPS :: Web :: Apps :: web5189.htm

java - JRE Bytecode Verifier may be exploited to escalate privileges.
19th Mar 2002 [SBWID-5189]
COMMAND

	JRE Bytecode Verifier may be exploited to escalate privileges.

SYSTEMS AFFECTED

	 All versions up to SDK and JRE 1.3.1_01a

	 Java Web Start 1.0.1_01, 1.0.1, and 1.0

	

PROBLEM

	In Sun Microsystems, Inc. Security Bulletin [#00218] and [#00217] :
	

	--snip--
	

	A vulnerability in the Java(TM) Runtime  Environment  Bytecode  Verifier
	may be exploited by an untrusted applet to escalate privileges.
	

	A  Java(TM)  Web  Start  application  may  gain  access  to   restricted
	resources.
	

	--snapp--
	

	 Editor\'s note

	 =============

	

	Although no other details were given, and it is against  our  publishing
	policy  to  propagate  patch  announcement  disguised  as   a   security
	advisory, the realm of this one might be so hudge that it made it  here.
	For your reading pleasure :-)

SOLUTION

	Update to latest release from [http://www.sun.com]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH