
Oracle Java Multiple Vulnerabilities

ID: IRCAD2014103577
Release Date: 2014-10-15
Criticality level: Highly critical
Software:
Oracle Java JDK 1.5.x / 5.x
Oracle Java JDK 1.6.x / 6.x
Oracle Java JDK 1.7.x / 7.x
Oracle Java JDK 1.8.x / 8.x
Oracle Java JRE 1.5.x / 5.x
Oracle Java JRE 1.6.x / 6.x
Oracle Java JRE 1.7.x / 7.x
Oracle Java JRE 1.8.x / 8.x
Description:
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.
1) An error within the AWT subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
2) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
3) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
4) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
5) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
6) An error within the JavaFX subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
7) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
Note: This vulnerability only affects Java deployments on Firefox.
8) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
9) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to execute arbitrary code.
10) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to gain escalated privileges.
Note: This vulnerability only affects Java deployments on Internet Explorer.
11) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets by local users to gain escalated privileges.
12) An error within the Hotspot subcomponent of the client and server deployment can be exploited by local users to gain escalated privileges.
13) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose, update, insert, or delete certain data and to cause a crash.
14) An error within the 2D subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
15) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
16) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
17) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
18) An error within the Hotspot subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
19) An error within the JAXP subcomponent of the client and server deployment can be exploited to disclose certain data.
20) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose certain data.
21) An error within the Libraries subcomponent of the client and server deployment can be exploited to update, insert, or delete certain data.
22) An error within the JSSE subcomponent of the client and server deployment can be exploited to disclose, update, insert, or delete certain data.
23) An error within the Deployment subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
24) An error within the Libraries subcomponent of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete certain data.
25) An error within the Security subcomponent of the client and server deployment can be exploited to update, insert, or delete certain data.
The vulnerabilities are reported in the following products:
* JDK and JRE 5 Update 71 and prior
* JDK and JRE 6 Update 81 and prior
* JDK and JRE 7 Update 67 and prior
* JDK and JRE 8 Update 20 and prior
Solution:
Apply update.
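
An added example, not part of the original advisory: a Python check that classifies a `java -version` banner against the affected update levels listed above. It assumes the legacy `1.x.0_uu` version string and that the banner comes from an Oracle JDK/JRE; the function names and sample banners are constructed for illustration.

```python
import re

# Highest affected update per major release, taken from the advisory's product list.
LAST_AFFECTED_UPDATE = {5: 71, 6: 81, 7: 67, 8: 20}

# Legacy version scheme printed by `java -version`,
# e.g. java version "1.7.0_67" or java version "1.8.0_20-ea".
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (major, update) from a `java -version` banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    major = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0  # "1.8.0" is update 0
    return major, update


def is_affected(banner):
    """True/False for release families the advisory lists, None otherwise."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return None  # unrecognised version string
    major, update = parsed
    if major not in LAST_AFFECTED_UPDATE:
        return None  # release family not covered by this advisory
    return update <= LAST_AFFECTED_UPDATE[major]


if __name__ == "__main__":
    # Constructed sample banners, as collected from an inventory of hosts.
    samples = [
        'java version "1.6.0_81"',
        'java version "1.7.0_67"',
        'java version "1.7.0_71"',
        'java version "1.8.0_20-ea"',
        'java version "1.8.0_25"',
        'java version "1.4.2_19"',
    ]
    labels = {True: "AFFECTED", False: "not affected", None: "not covered"}
    for banner in samples:
        print(f"{banner:32} {labels[is_affected(banner)]}")
```

A result of `None` means the advisory says nothing about that release, not that the installation is safe.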
References:
Secunia:
 

Date created: 27 Mehr 1393
