Sun Java - Security Release for critical vulnerabilities
Users with Sun Java installed should update their systems to protect their browser and PC environment from malicious websites that could affect security controls.
Sun Java Runtime Environment Sandbox Security Bypass Vulnerabilities
http://www.frsirt.com/english/advisories/2006/0467
Advisory ID : FrSIRT/ADV-2006-0467
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-08
Technical Description: Seven vulnerabilities were identified in Sun Java JRE (Java Runtime Environment), which could be exploited by malicious web sites to compromise a vulnerable system. These flaws are due to errors in the "reflection" APIs, which could be exploited by attackers to read, write, and execute arbitrary files by convincing a user to visit a specially crafted web page containing a malicious applet.
Affected Products
JDK 5.0 Update 4 and prior
JRE 5.0 Update 4 and prior
SDK 1.4.2_09 and prior
JRE 1.4.2_09 and prior
SDK 1.3.1_16 and prior
JRE 1.3.1_16 and prior
Solution:
JDK and JRE 5.x - Upgrade to JDK and JRE 5.0 Update 6 :
http://java.sun.com/j2se/1.5.0/download.jsp
SDK and JRE 1.4.x - Upgrade to SDK and JRE 1.4.2_10 :
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x - Upgrade to SDK and JRE 1.3.1_17 :
http://java.sun.com/j2se/1.3/download.html
Reference
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1
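
The Affected Products list above can be checked against the banner that `java -version` prints on each host. The Python below is an added example, not part of the FrSIRT or Sun advisory: the function names and sample banners are constructed, and it assumes Sun's usual numbering in which "5.0 Update 4" appears as version string 1.5.0_04.

```python
import re

# Last affected release per family, from the advisory's "Affected Products" list.
# Assumption: "5.0 Update 4" corresponds to the version string 1.5.0_04.
LAST_AFFECTED = {
    (1, 5): (1, 5, 0, 4),
    (1, 4): (1, 4, 2, 9),
    (1, 3): (1, 3, 1, 16),
}

# Matches e.g.  java version "1.4.2_09"  (the banner is written to stderr).
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, minor, patch, update) or None if no version is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    # A release with no "_NN" suffix is treated as update 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(banner):
    """Return 'affected', 'not-listed' or 'unparsed' for one banner."""
    version = parse_java_version(banner)
    if version is None:
        return "unparsed"
    limit = LAST_AFFECTED.get(version[:2])
    if limit is None:
        return "not-listed"  # family is outside this advisory's scope
    # "X and prior" covers every earlier release in the same family.
    return "affected" if version <= limit else "not-listed"


# Constructed sample banners, as collected from an inventory of hosts.
SAMPLES = [
    'java version "1.5.0_04"\nJava(TM) 2 Runtime Environment, Standard Edition',
    'java version "1.5.0_06"',
    'java version "1.4.1_07"',
    'java version "1.4.2_10"',
    'java version "1.3.1_16"',
    'command not found: java',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample).ljust(11), sample.splitlines()[0])
```

A result of `not-listed` only means the advisory does not name that release as affected; it is not a statement that the release is free of other issues.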