Intrusion Prevention

Sun.Java.Runtime.Environment.Image.Parsing.Heap.Buffer.Overflow

Description

This indicates an attack attempt against a heap buffer overflow vulnerability in
Sun Java Runtime Environment.
The vulnerability is caused by an error when the vulnerable software handles
a malicious JPEG file. It allows a remote attacker to execute arbitrary code.

Affected Products

JDK and JRE 6 prior to Update 5
JDK and JRE 5.0 prior to Update 15
SDK and JRE prior to 1.4.2_17
SDK and JRE prior to 1.3.1_22

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the following version:
* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* Java SE 6: update 5 (as delivered in patch 125136-07 or later)
* Java SE 6: update 5 (as delivered in patch 125137-07 or later (64bit))
* Java SE 6_x86: update 5 (as delivered in patch 125138-07 or later)
* Java SE 6_x86: update 5 (as delivered in patch 125139-07 or later (64bit))
* J2SE 5.0: update 15 (as delivered in patch 118666-16 or later)
* J2SE 5.0: update 15 (as delivered in patch 118667-16 or later (64bit))
* J2SE 5.0_x86: update 15 (as delivered in patch 118668-16 or later)
* J2SE 5.0_x86: update 15 (as delivered in patch 118669-16 or later (64bit))

CVE References

CVE-2008-1193