‫ Oracle Java Multiple Vulnerabilities

IRCAD2012102253
ID: IRCAD2012102253                              
Release Date: 2012-10-17
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.4.x / 4.x
Oracle Java JRE 1.7.x / 7.x
Oracle Java SDK 1.4.x / 4.x
Oracle JavaFX 2.x
Sun Java JDK 1.6.x / 6.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Description:
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code.
2) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code.
3) An unspecified error in the Beans component of the client deployment can be exploited to potentially execute arbitrary code.
4) An unspecified error in the Beans component of the client deployment can be exploited to potentially execute arbitrary code.
5) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code.
6) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code.
7) An unspecified error in the JAX-WS component of the client deployment can be exploited to potentially execute arbitrary code.
8) An unspecified error in the JMX component of the client deployment can be exploited to potentially execute arbitrary code.
9) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code.
10) An unspecified error in the JavaFX component of the client deployment can be exploited to potentially execute arbitrary code.
11) An unspecified error in the JMX component of the client deployment can be exploited to potentially execute arbitrary code.
12) An unspecified error in the Swing component of the client deployment can be exploited to potentially execute arbitrary code.
13) An unspecified error in the JavaFX component of the client deployment can be exploited to potentially execute arbitrary code.
14) An unspecified error in the Deployment component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS.
15) An unspecified error in the Libraries component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS.
16) An unspecified error in the Hotspot component of the client deployment can be exploited to disclose and manipulate certain data.
17) An unspecified error in the JAX-WS component of the client deployment can be exploited to disclose and manipulate certain data.
18) An unspecified error in the JMX component of the client deployment can be exploited to disclose and manipulate certain data.
19) An unspecified error in the Concurrency component of the client deployment can be exploited to disclose and manipulate certain data.
20) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data.
21) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data.
22) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data.
23) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data.
24) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data.
25) An unspecified error in the Security component of the client deployment can be exploited to disclose certain data.
26) An unspecified error in the JSSE component of the server deployment can be exploited to cause a DoS.
27) An unspecified error in the JavaFX component of the client deployment can be exploited to cause a DoS.
28) An unspecified error in the Libraries component of the client deployment can be exploited to disclose certain data.
29) An unspecified error in the Security component of the client deployment can be exploited to disclose certain data.
The vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 7 and earlier.
* JDK and JRE 6 Update 35 and earlier.
* JDK and JRE 5.0 Update 36 and earlier.
* SDK and JRE 1.4.2_38 and earlier.
* JavaFX 2.2 and earlier.
Solution
Apply updates.
References:
Oracle:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 27 مهر 1391

امتیاز

امتیاز شما
تعداد امتیازها:0