PT-2007-4103 · Sun · Java Development Kit+1

Published: 2007-05-22 · Updated: 2019-08-01 · CVE-2007-2789

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Sun Java Development Kit (JDK) versions 1.3.1 through 1.5.0 10
Sun Java Runtime Environment (JRE) versions 1.3.1 through 1.5.0 10
Sun Java Development Kit (JDK) versions 1.6.x prior to 1.6.0 01-b06
Sun Java Runtime Environment (JRE) 6 versions prior to 1.6.0 01-b06

Description

The issue allows remote attackers to cause a denial of service, resulting in a JVM hang, via untrusted applets or applications that open arbitrary local files using a crafted BMP file. This can be achieved by accessing local files such as /dev/tty.

Recommendations

For Sun Java Development Kit (JDK) versions 1.3.1 through 1.5.0 10, update to version 1.5.0 11-b03 or later.
For Sun Java Runtime Environment (JRE) versions 1.3.1 through 1.5.0 10, update to version 1.5.0 11-b03 or later.
For Sun Java Development Kit (JDK) versions 1.6.x prior to 1.6.0 01-b06, update to version 1.6.0 01-b06 or later.
For Sun Java Runtime Environment (JRE) 6 versions prior to 1.6.0 01-b06, update to version 1.6.0 01-b06 or later.

Fix

DoS

Weakness Enumeration

Related identifiers

CVE-2007-2789
RHSA-2007:0817
RHSA-2007:0829
RHSA-2007:0956
RHSA-2007:1086
RHSA-2008:0100
RHSA-2008:0261
RHSA-2008:0524

Affected products

Java Development Kit
Sun Java Runtime Environment