Last May, there was an advisory published by Chris Evans about image parsing library vulnerabilities in Sun's JDK: http://scary.beasts.org/security/CESA-2006-004.html This seems to have resulted in Bugtraq 24267 / CVE-2007-3004 duplicating Bugtraq 24004 / CVE-2007-2788 and CVE-2007-2789. Steve, any ideas? George -- theall at tenablesecurity.com