Sun has officially announced that it has fixed a highly critical vulnerability in its Java Runtime Environment (JRE). The flaw was first reported to Sun six months ago, but the public's just finding out about it this week.

Sun ALERT 102760 has labeled the flaw as a security vulnerability in processing GIF images in Java that could possibly allow an untrusted applet to elevate privileges.

The flaw stems from a buffer overflow vulnerability in how Java processes GIF images.

"For example, an applet may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the untrusted applet," Sun's advisory warns.

Sun has identified that the flaw affects versions of the JRE running on Windows, Solaris and Linux. The Sun advisory specifically notes that JDK and JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier are vulnerable to the flaw.

This article was first published on InternetNews.com.