• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability

Bugtraq ID:	25340
Class:	Access Validation Error
CVE:	CVE-2007-4381
Remote:	Yes
Local:	No
Published:	Aug 15 2007 12:00AM
Updated:	Apr 28 2008 08:46PM
Credit:	John Heasman of NGSSoftware is credited with the discovery of this vulnerability.
Vulnerable:	Sun SDK (Windows Production Release) 1.4.2 _08 Sun SDK (Windows Production Release) 1.4.2 _05 Sun SDK (Windows Production Release) 1.4.2 _04 Sun SDK (Windows Production Release) 1.4.2 _03 Sun SDK (Windows Production Release) 1.4.2 Sun SDK (Windows Production Release) 1.4.2 Sun SDK (Windows Production Release) 1.4.2 Sun SDK (Windows Production Release) 1.4.2_14 Sun SDK (Windows Production Release) 1.4.2_13 Sun SDK (Windows Production Release) 1.4.2_12 Sun SDK (Windows Production Release) 1.4.2_11 Sun SDK (Solaris Production Release) 1.4.2 _08 Sun SDK (Solaris Production Release) 1.4.2 _05 Sun SDK (Solaris Production Release) 1.4.2 _04 Sun SDK (Solaris Production Release) 1.4.2 _03 Sun SDK (Solaris Production Release) 1.4.2 Sun SDK (Solaris Production Release) 1.4.2 Sun SDK (Solaris Production Release) 1.4.2 Sun SDK (Solaris Production Release) 1.4.2_14 Sun SDK (Solaris Production Release) 1.4.2_13 Sun SDK (Solaris Production Release) 1.4.2_12 Sun SDK (Solaris Production Release) 1.4.2_11 Sun SDK (Linux Production Release) 1.4.2 _08 Sun SDK (Linux Production Release) 1.4.2 _05 Sun SDK (Linux Production Release) 1.4.2 _04 Sun SDK (Linux Production Release) 1.4.2 _03 Sun SDK (Linux Production Release) 1.4.2 _02 Sun SDK (Linux Production Release) 1.4.2 _01 Sun SDK (Linux Production Release) 1.4.2 Sun SDK (Linux Production Release) 1.4.2 Sun SDK (Linux Production Release) 1.4.2 Sun SDK (Linux Production Release) 1.4.2_14 Sun SDK (Linux Production Release) 1.4.2_13 Sun SDK (Linux Production Release) 1.4.2_12 Sun SDK (Linux Production Release) 1.4.2_11 Sun JRE (Windows Production Release) 1.5 _06 Sun JRE (Windows Production Release) 1.5 Sun JRE (Windows Production Release) 1.4.2 _06 Sun JRE (Windows Production Release) 1.4.2 _05 Sun JRE (Windows Production Release) 1.4.2 _05 Sun JRE (Windows Production Release) 1.4.2 _04 Sun JRE (Windows Production Release) 1.4.2 _03 Sun JRE (Windows Production Release) 1.4.2 _02 Sun JRE (Windows Production Release) 1.4.2 _01 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.5.0.0_09 Sun JRE (Windows Production Release) 1.5.0.0_08 Sun JRE (Windows Production Release) 1.5.0.0_07 Sun JRE (Windows Production Release) 1.4.2_14 Sun JRE (Windows Production Release) 1.4.2_13 Sun JRE (Windows Production Release) 1.4.2_12 Sun JRE (Windows Production Release) 1.4.2_11 Sun JRE (Solaris Production Release) 1.5 _06 Sun JRE (Solaris Production Release) 1.5 _01 Sun JRE (Solaris Production Release) 1.5 Sun JRE (Solaris Production Release) 1.4.2 _06 Sun JRE (Solaris Production Release) 1.4.2 _05 Sun JRE (Solaris Production Release) 1.4.2 _04 + Opera Software Opera Web Browser 7.54 Sun JRE (Solaris Production Release) 1.4.2 _03 Sun JRE (Solaris Production Release) 1.4.2 _02 Sun JRE (Solaris Production Release) 1.4.2 _01 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.5.0.0_09 Sun JRE (Solaris Production Release) 1.5.0.0_08 Sun JRE (Solaris Production Release) 1.5.0.0_07 Sun JRE (Solaris Production Release) 1.4.2_14 Sun JRE (Solaris Production Release) 1.4.2_13 Sun JRE (Solaris Production Release) 1.4.2_12 Sun JRE (Solaris Production Release) 1.4.2_11 Sun JRE (Linux Production Release) 1.5 _07 Sun JRE (Linux Production Release) 1.5 _05 Sun JRE (Linux Production Release) 1.5 _04 Sun JRE (Linux Production Release) 1.5 _03 Sun JRE (Linux Production Release) 1.5 _02 Sun JRE (Linux Production Release) 1.5 _01 Sun JRE (Linux Production Release) 1.4.2 _10 Sun JRE (Linux Production Release) 1.4.2 _06 Sun JRE (Linux Production Release) 1.4.2 _05 Sun JRE (Linux Production Release) 1.4.2 _04 + Opera Software Opera Web Browser 7.54 Sun JRE (Linux Production Release) 1.4.2 _03 Sun JRE (Linux Production Release) 1.4.2 _02 Sun JRE (Linux Production Release) 1.4.2 _01 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.5.0_09 Sun JRE (Linux Production Release) 1.5.0_08 Sun JRE (Linux Production Release) 1.4.2_13 Sun JRE (Linux Production Release) 1.4.2_12 Sun JRE (Linux Production Release) 1.4.2_11 Sun JDK (Windows Production Release) 1.5 .0_05 Sun JDK (Windows Production Release) 1.5 .0_04 Sun JDK (Windows Production Release) 1.5 .0_03 Sun JDK (Windows Production Release) 1.5 Sun JDK (Windows Production Release) 1.5.0.0_09 Sun JDK (Windows Production Release) 1.5.0.0_08 Sun JDK (Solaris Production Release) 1.5 0_09 Sun JDK (Solaris Production Release) 1.5 .0_05 Sun JDK (Solaris Production Release) 1.5 .0_04 Sun JDK (Solaris Production Release) 1.5 .0_03 Sun JDK (Solaris Production Release) 1.5 Sun JDK (Linux Production Release) 1.5 _07 Sun JDK (Linux Production Release) 1.5 .0_05 Sun JDK (Linux Production Release) 1.5 .0_04 Sun JDK (Linux Production Release) 1.5 .0_03 Sun JDK (Linux Production Release) 1.5 Sun JDK (Linux Production Release) 1.5 Sun JDK (Linux Production Release) 1.5.0.0_09 Sun JDK (Linux Production Release) 1.5.0.0_08 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. CORE 9 RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 RedHat Enterprise Linux Desktop Supplementary 5 client RedHat Enterprise Linux Desktop 5 client Gentoo Linux BEA Systems JRockit 1.4.2 BEA Systems JRockit R27.3.1 BEA Systems JRockit 5.0 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10
Not Vulnerable:	Sun SDK (Windows Production Release) 1.4.2 _15 Sun SDK (Solaris Production Release) 1.4.2 _15 Sun SDK (Linux Production Release) 1.4.2 _15 Sun JRE (Windows Production Release) 1.5.0_10 Sun JRE (Windows Production Release) 1.4.2_15 Sun JRE (Solaris Production Release) 1.5.0_10 Sun JRE (Solaris Production Release) 1.4.2_15 Sun JRE (Linux Production Release) 1.5.0_10 Sun JRE (Linux Production Release) 1.4.2_15 Sun JDK (Windows Production Release) 1.5 0_10 Sun JDK (Solaris Production Release) 1.5 0_10 Sun JDK (Linux Production Release) 1.5 0_10