* Java Runtime Environment version 1.6.0u17 on Windows XP SP2
* Java Runtime Environment version 1.6.0u17 on Windows XP SP3
The JRE is a platform that supports the execution of programs that are developed using the Java programming language. It is available for multiple platforms, including Windows, Linux and MacOS. The JRE platform also supports Java Applets, which can be loaded from Web pages. During the processing of an image file, user-controlled data is trusted and can result in an undersized allocation of a heap buffer. A copy operation into the heap buffer can lead to a heap overflow condition within the JRE. This condition may allow a remote attacker to subvert execution control and execute arbitrary code.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the Web page. To exploit this vulnerability, a targeted user must visit a website and load a malicious Java Applet created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site.