TITLE:
BEA JRockit Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA25283

VERIFY ADVISORY:
http://secunia.com/advisories/25283/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Privilege escalation, System access

WHERE:
From remote

SOFTWARE:
BEA JRockit 1.x
http://secunia.com/product/13274/

DESCRIPTION:
Some vulnerabilities have been reported in JRockit, which can be
exploited by malicious people to bypass certain security restrictions
or to compromise a vulnerable system.

1) Some errors in BEA JRockit can be exploited to compromise a
vulnerable system.

For more information:
SA23445

2) An error in the processing of GIF images can be exploited to
compromise a vulnerable system.

For more information:
SA23757

3) An error within the use of system classes can be exploited by a
non-trusted application to gain escalated privileges.

For more information:
SA25069

The vulnerabilities affect releases prior to BEA JRockit R26.0.0
1.4.2_07 and BEA JRockit R26.0.0 1.5.0_04.

SOLUTION:
Apply patches or update to the latest version (see vendor advisories
for details).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
1) http://dev2dev.bea.com/pub/advisory/240,
http://dev2dev.bea.com/pub/advisory/243
2) http://dev2dev.bea.com/pub/advisory/242
3) http://dev2dev.bea.com/pub/advisory/241

OTHER REFERENCES:
SA23445:
http://secunia.com/advisories/23445/

SA23757:
http://secunia.com/advisories/23757/

SA25069:
http://secunia.com/advisories/25069/