A new exploit code has been seen in the wild that attacks Windows, Unix, Linux, and Mac OSX systems. Given this ambitious range of targets, the exploit itself is rather old-style and short, but effective.It takes advantage of a buffer overflow vulnerability in Sun’s Java Runtime Environment. It occurs when a specially crafted file://URL argument is passed to the getSoundbank() function that can allow a remote attacker to execute arbitrary code.
PC Tools iAntivirus detects the exploit code as Exploit.OSX.Snid.b in the latest database.
The said vulnerability (CVE-2009-3867) is discussed here .
Users are highly advised to upgrade to the latest versions from the following link:
http://java.sun.com/
