Oracle Java Multiple Vulnerabilities

ID: IRCAD2013042642
Release Date: 2013-04-17
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.7.x / 7.x
Sun Java JDK 1.6.x / 6.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Description:
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
2) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
3) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
4) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
5) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
6) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
7) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
8) An unspecified error in the Beans component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
9) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
10) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
11) An unspecified error in the HotSpot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
12) An unspecified error in the Install component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
13) An unspecified error in the JAXP component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
14) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
15) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
16) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
17) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
18) An unspecified error in the RMI component of the client and server deployment can be exploited to potentially execute arbitrary code.
19) An unspecified error in the RMI component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
20) An unspecified error in the HotSpot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
21) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
22) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
23) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
24) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
25) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
26) An unspecified error in the ImageIO component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
27) An unspecified error in the ImageIO component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
28) An unspecified error in the Install component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.
29) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges.
30) An unspecified error in the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose and manipulate certain data.
31) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a DoS.
32) An unspecified error in the JMX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
33) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
34) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
35) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
36) An unspecified error in the Networking component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a DoS.
37) An unspecified error in the Deployment component of the client deployment can be exploited by a local user to gain escalated privileges.
38) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
39) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
40) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
41) An unspecified error in the HotSpot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to manipulate certain data.
42) An unspecified error in the JAX-WS component of the client and server deployment can be exploited by local users to disclose certain data.
The vulnerabilities are reported in the following products:
 * JDK and JRE 7 Update 17 and prior
 * JDK and JRE 6 Update 43 and prior
 * JDK and JRE 5.0 Update 41 and prior
Solution
Apply update.
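To find which installations still need the update, the following added example (not part of the original advisory) parses legacy `java -version` strings and compares them with the affected ranges listed above. The host names and sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Highest affected update per major release, taken from the advisory's product list.
LAST_AFFECTED_UPDATE = {7: 17, 6: 43, 5: 41}

# Matches legacy version strings such as 1.7.0_17, 1.6.0_43-b01 or 1.7.0 (no update).
_VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')

def parse_java_version(text):
    """Return (major, update) from `java -version` output or a bare version string, else None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A GA release without an "_NN" suffix counts as update 0.
    return int(m.group(1)), int(m.group(2) or 0)

def is_affected(text):
    """True/False for release lines the advisory covers, None when it cannot be decided."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    if major not in LAST_AFFECTED_UPDATE:
        return None  # release line not listed in the advisory
    return update <= LAST_AFFECTED_UPDATE[major]

def triage(inventory):
    """Map each host to 'affected', 'not listed as affected' or 'unknown'."""
    labels = {True: "affected", False: "not listed as affected", None: "unknown"}
    return {host: labels[is_affected(out)] for host, out in inventory.items()}

# Constructed sample inventory (host names and outputs are made up for this example).
SAMPLE = {
    "ws-01": 'java version "1.7.0_17"\nJava(TM) SE Runtime Environment (build 1.7.0_17-b02)',
    "ws-02": 'java version "1.6.0_45"',
    "srv-01": 'java version "1.5.0_22"',
    "srv-02": 'java version "1.7.0"',
    "kiosk": "java: command not found",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown" need manual review: the version string either could not be parsed or belongs to a release line the advisory does not list.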
References:
Secunia
http://secunia.com/advisories/53008/

Date created: 29 Farvardin 1392
