Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems" Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix.
The vulnerabilities affect JRE 1.3.x, 1.4.x and 1.5.x, as well as versions 1.3.x and 1.4.x of the SDK and versions 1.5.x of the Java Development Kit. Danish security vendor Secunia rates one of the vulnerabilities as "highly critical", the company"s second-highest level, owing to the possibility for remote code execution.