iDefense Security Advisory 03.25.09 – Remote exploitation of an integer signedness vulnerability in Sun Microsystems Inc.’s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.’s Java JRE version 1.6.0_11 for Windows. Previous versions and versions for other platforms may also be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76087/03.25.09-1.txt
Source: https://packetstormsecurity.com/files/76087/iDEFENSE-Security-Advisory-2009-03-25.1.html