Sun Microsystems has issued alerts about vulnerabilities in its Java platform that security researchers describe as critical that could allow attackers to execute malicious code on targeted computers.

The affected software is Sun's Java Web Start and Java Runtime Environment. Weaknesses in the programs could allow applications to grant themselves permissions to write local files or execute other applications, allowing an attacker to gain back-door access to victims' computers. Such an attack could be carried out without any visible symptoms, Sun said.

The vendor recommends users replace earlier J2SE (Java 2 Platform Standard Edition) editions with a more recent version. J2SE 5.0 Update 2, released in March, repairs the flaw. Sun's most recent J2SE 5.0 release is Update 3. J2SE updates are available for download on Sun's website.

Danish security firm Secunia rates the vulnerabilities "highly critical," its second-highest classification, while the French Security Incident Response Team gave it a "critical" rating, that organisation's highest advisory rank. Those rankings are reserved for remotely exploitable vulnerabilities that can be executed without a user's knowledge.