Oracle Java Multiple Vulnerabilities

ID: IRCAD2013062747
Release Date: 2013-06-19
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.7.x / 7.x
Sun Java JDK 1.6.x / 6.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Description:
Multiple vulnerabilities have been reported in Oracle Java. They can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges, and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
2) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
3) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
4) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
5) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
6) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
7) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
8) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
9) An unspecified error in the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
10) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
11) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
12) An unspecified error in the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
13) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
14) An unspecified error in the Serviceability component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
15) An unspecified error in the Hotspot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a DoS.
16) An unspecified error in the Sound component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
17) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
18) An unspecified error in the Libraries component of the client and server deployment can be exploited to potentially execute arbitrary code.
19) An unspecified error in the Install component of the client installer can be exploited by a local user to gain escalated privileges.
20) An unspecified error in the Libraries component of the client and server deployment can be exploited to disclose certain data and cause a DoS.
21) An unspecified error in the JDBC component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data and manipulate certain data.
22) An unspecified error in the Libraries component of the client deployment can be exploited to disclose certain data and manipulate certain data.
23) An unspecified error in the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a DoS.
24) An unspecified error in the CORBA component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
25) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
26) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
27) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
28) An unspecified error in the JMX component of the client and server deployment can be exploited to manipulate certain data.
29) An unspecified error in the JMX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
30) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
31) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
32) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
33) An unspecified error in the Networking component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
34) An unspecified error in the Serialization component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a DoS.
35) An unspecified error in the Serialization component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
36) An unspecified error in the Serviceability component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
37) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
38) Certain unspecified input passed via the URL to documentation generated with the Javadoc tool is not properly verified before being used to display content in frames. This can be exploited to display arbitrary content, e.g. when a user clicks a specially crafted link to the affected script hosted on a web server.
39) An unspecified error in the Networking component of the client and server deployment can be exploited to gain escalated privileges.
40) An unspecified error in the 2D component of the client deployment can be exploited by a local user to disclose certain data and manipulate certain data.
The vulnerabilities are reported in the following products:
 * JDK and JRE 7 Update 21 and prior
 * JDK and JRE 6 Update 45 and prior
 * JDK and JRE 5 Update 45 and prior
Solution:
Apply updates.
References:
Oracle:
Secunia:
http://secunia.com/advisories/53846/

Creation date: 1 Tir 1392
