CVE-2007-2788

Name of the Vulnerable Software and Affected Versions Sun Java Development Kit (JDK) versions 1.3.1 through 1.5.0 10 Sun Java Development Kit (JDK) versions 1.6.x prior to 1.6.0 01-b06 Sun Java Runtime Environment (JRE) versions 1.3.1 through 1.5.0 10 Sun Java Runtime Environment (JRE) versions 1.6.x prior to 1.6.0 01-b06

Description The issue is caused by an integer overflow in the embedded ICC profile image parser, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted JPEG or BMP file that triggers a buffer overflow.

Recommendations For Sun Java Development Kit (JDK) versions 1.3.1 through 1.5.0 10, update to version 1.5.0 11-b03 or later. For Sun Java Development Kit (JDK) versions 1.6.x prior to 1.6.0 01-b06, update to version 1.6.0 01-b06 or later. For Sun Java Runtime Environment (JRE) versions 1.3.1 through 1.5.0 10, update to version 1.5.0 11-b03 or later. For Sun Java Runtime Environment (JRE) versions 1.6.x prior to 1.6.0 01-b06, update to version 1.6.0 01-b06 or later.