Multiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. Multiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions.
The FEATURE_SECURE_PROCESSING setting was not properly honored by the package transformers. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.
Java 1.7.0 virtual machiene code#
Multiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. The class loader did not properly check the package access for non-public proxy classes. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. Multiple input checking flaws were found in the 2D component native image parsing code.