Oracle Java Three Vulnerabilities

ID: IRCAD2012082167
Release Date: 2012-08-27
Criticality level: Extremely critical
 
Software:
Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.7.x / 7.x
 
Description:
Three vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to compromise a user's system.
1) An error in how the "setSecurityManager()" function can be called can be exploited by an applet to set its own privileges, e.g. to allow downloading and executing arbitrary programs.
NOTE: This is currently being actively exploited in targeted attacks.
2) An unspecified error in the Beans sub-component can be exploited to compromise a user's system.
3) An unspecified error in the Beans sub-component can be exploited to compromise a user's system.
Successful exploitation of the vulnerabilities allows execution of arbitrary code, but applies to client deployments only, as the vulnerabilities are exploited through untrusted Java Web Start applications and untrusted Java applets.
 
Solution:
Update to version 7 Update 7.
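
An added example, not part of the original advisory: a triage helper that reads collected `java -version` output and flags hosts still on a Java 7 build below Update 7. The host names and sample outputs are constructed, and the check covers this advisory only (anything at 7 Update 7 or later counts as fixed here).

```python
import re

# Fixed release named in the advisory: Java 7 Update 7 (version string 1.7.0_07).
FIXED_UPDATE = 7

# Matches the quoted version in `java -version` output, e.g. java version "1.7.0_06".
_VERSION_RE = re.compile(r'version "1\.(\d+)\.0(?:_(\d+))?[^"]*"')


def classify(version_output):
    """Return 'affected', 'fixed', 'not-java-7' or 'unparsed' for one host's output."""
    match = _VERSION_RE.search(version_output)
    if match is None:
        return "unparsed"  # never report an unrecognised string as safe
    major = int(match.group(1))
    # "1.7.0" with no _NN suffix is the initial release, i.e. update 0.
    update = int(match.group(2) or 0)
    if major != 7:
        return "not-java-7"  # outside the 1.7.x / 7.x range this advisory lists
    return "fixed" if update >= FIXED_UPDATE else "affected"


def triage(inventory):
    """Return the sorted host names whose output classifies as 'affected'."""
    return sorted(h for h, out in inventory.items() if classify(out) == "affected")


# Constructed sample inventory (host names and outputs are illustrative).
SAMPLE = {
    "ws-01": 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment',
    "ws-02": 'java version "1.7.0_07"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.6.0_34"',
    "ws-05": "bash: java: command not found",
    "ws-06": 'java version "1.7.0_10-ea"',
}

if __name__ == "__main__":
    for host in sorted(SAMPLE):
        print(host, classify(SAMPLE[host]))
    print("needs update:", triage(SAMPLE))
```

Hosts reported as "unparsed" need a manual look rather than being treated as clean.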
 
 
 

Date created: 14 Shahrivar 1391
