Skip to main content

Oracle Java Unspecified Code Execution Vulnerability

Last Update Date: 31 Aug 2012 Release Date: 28 Aug 2012 5756 Views

RISK: Extremely High Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

A vulnerability has been identified in Oracle Java, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and can be exploited to download and execute arbitrary programs.

Successful exploitation allows execution of arbitrary code.

 

NOTE:

  • This is currently being actively exploited in targeted attacks.

Impact

  • Remote Code Execution

System / Technologies affected

  • Oracle Java JDK and JRE 1.6.x / 6.x
  • Oracle Java JDK and JRE 1.7.x / 7.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply JDK/JRE 6 Update 35 or JDK/JRE 7 Update 7.

Vulnerability Identifier


Source


Related Link