Oracle Java SE Multiple Vulnerabilities

ID:IRCAD2012021725
Release Date: 2012-02-15
Criticality level: Highly critical
Software:
Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.7.x / 7.x
Oracle JavaFX 1.x
Oracle JavaFX 2.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x / 6.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.4.x
 
Description:
Multiple vulnerabilities have been reported in Oracle Java SE, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) An error in the 2D component may allow execution of arbitrary code in a client and server deployment via e.g. untrusted applets or data sent to APIs through a web service.
2) Another error in the 2D component may allow execution of arbitrary code in a client and server deployment via e.g. untrusted applets or data sent to APIs through a web service.
3) Another error in the 2D component may allow execution of arbitrary code in a client and server deployment via e.g. untrusted applets or data sent to APIs through a web service.
4) An error in the Deployment component may allow execution of arbitrary code in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
5) An error in the JavaFX component may allow execution of arbitrary code in a client deployment.
6) An error in the Install component may allow execution of arbitrary code in a client deployment via the update mechanism.
7) An error in the Concurrency component can be exploited to disclose and manipulate certain data and to cause a DoS in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
8) An error in the I18n component can be exploited to disclose and manipulate certain data and to cause a DoS in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
9) An error in the Serialization component can be exploited to disclose and manipulate certain data and to cause a DoS in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
10) An error in the AWT component can be exploited to disclose certain data and cause a DoS in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
11) An error in the Sound component can be exploited to disclose certain data and cause a DoS in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
12) An error in the Lightweight HTTP Server can be exploited to cause a DoS.
13) An error in the Java Runtime Environment component can be exploited to cause a DoS in a client and server deployment via e.g. untrusted applets or data sent to APIs through a web service.
14) An error in the CORBA component can be exploited to manipulate certain data in a client deployment via e.g. untrusted Web Start applications or untrusted applets.
 
Solution:
Apply patches (please see the vendor's advisory for more information).
 
References:
 
Secunia:
 

Creation date: 26 Bahman 1390
