Zero Day Initiative Advisory 11-183 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a invalid MultiLanguage 'mluc' tag it is possible to cause an integer to wrap during an arithmetic operation. This new value is used to allocate memory on the heap. A remote attacker can abuse the faulty code to execute code under the context of the user running the browser.
7e0d49ef311a48a90d62b1e21bf5d79a85918153e08ac3ba9add9aadb19c1620
Red Hat Security Advisory 2011-0857-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.
afd4e81a2dd219864c346af58a66fae5a0fae7090eba420dd5e3b78ed53286c9
Red Hat Security Advisory 2011-0856-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.
8a1c7e56402963170d1f3c42e5ff1376f2c517a2432f75d3a4f6714cd83cad69