PM13878: SUN SECURITY BULLETIN : 6862844

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: A security vulnerability in the Active Template
    Library(ATL) in various releases of Microsoft Visual Studio that
    is used by the Java Web Start ActiveX control may allow the Java
    Web Start ActiveX control to be leveraged to execute arbitrary
    code. This may occur as the result of a user of the Java Runtime
    Environment viewing a specially crafted web page that exploits
    this vulnerability.
    .
    Stack Trace: N/A
    .
    N/A
    

Local fix

  • N/A
    

Problem summary

  • The problem use to be happening because of the usage of Active
    Template Library (ATL) PROP_ENTRY macros.
    

Problem conclusion

  • This defect will be fixed in:
    1.4.2 SR13 FP5
    .
    JVM has been updated to avoid the vulnerability.
    .
    To obtain the fix:
    Install build 20100529 or later
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM13878

  • Reported component name

    JAVA(1.3/1.4 CO

  • Reported component ID

    5648C9800

  • Reported release

    42A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-05-06

  • Closed date

    2010-06-22

  • Last modified date

    2010-06-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA(1.3/1.4 CO

  • Fixed component ID

    5648C9800

Applicable component levels

  • R42A PSN

       UP

  • R42L PSN

       UP

  • R42W PSN

       UP

  • R420 PSN

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

z/OS family

Software version:

1.4.2

Reference #:

PM13878

Modified date:

2010-06-22

Translate my page

Machine Translation

Content navigation