U radu programskog paketa Sun Java JRE uočen je sigurnosni nedostatak kojeg napadač može iskoristiti za pokretanje proizvoljnog programskog koda.

Sun Java JRE Insecure Executable Loading Vulnerability
Secunia Advisory 	SA45173 	
Release Date 	2011-07-11
Criticality level 	Highly criticalHighly critical
Impact 	System access
Where 	From remote
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Unpatched
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
Remediation status 	Secunia VIM
  	 
Software:	
	Sun Java JRE 1.6.x / 6.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the application loading an executable file in an insecure manner when an out of memory condition occurs. This can be exploited to execute arbitrary programs by tricking a user into e.g. opening a HTML file, which loads an applet located on a remote WebDAV or SMB share.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 6 update 26 (build 1.6.0_26-b03). Other versions may also be affected.

Solution
Do not open untrusted files.

Provided and/or discovered by
Jure Skofic and Simon Raner, ACROS Security.

Original Advisory
http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html