Skip to main content

Oracle Java Unspecified Code Execution Vulnerability

Last Update Date: 17 Jan 2013 Release Date: 11 Jan 2013 16126 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Application Platforms

TYPE: Application Platforms

A vulnerability has been identified in Oracle Java, which can be exploited by malicious people to compromise a user's system.  The vulnerability is caused due to an unspecified error.


Impact

  • Remote Code Execution

System / Technologies affected

  • Any system using Oracle Java 7 (1.7, 1.7.0) including
    • Java Platform Standard Edition 7 (Java SE 7)
    • Java SE Development Kit (JDK 7)
    • Java SE Runtime Environment (JRE 7)
  • All versions of Java 7 through update 10 are affected.

     


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details. [Update on 14/01/13]

 

[Update on 17/01/13]Note: Public updates of Java 6 will be ended by Feb 2013. If you have confirmed with your IT support or software vendor that their Java based software/website supports Java 7, please upgrade to Java 7 now. For more information, please refer to the announcement from Oracle.

 

If you cannot apply this patch immediately, you are suggested to use workaround first.

  • Workaround:
    • Java 7 update 10 or later: Disable Java in web browsers.
      http://www.java.com/en/download/help/disable_browser.xml

       

      It is recommended to have the latest version of Java installed .
      http://java.com/en/download/faq/remove_olderversions.xml

    • Prior to Java 7 update 10: If you are using Internet Explorer with older versions of Java, you can disable Java by following steps
      1. In the Windows Control panel, change the View setting to "Classic View" in (Windows XP and Windows Vista) Or "Large icons" in (Windows 7) .
      2. Open the Java item, select the "Advanced" tab. On "Default Java for Browser", click "+" to expand the options。
      3. Select "Microsoft Internet Explorer", and then press the "Space" in keyboard to uncheck the selection.

      For other browsers and OS, please refer to the following URL:
      /my_url/en/blog/12082902#howtoprotect

    • Once you have Java disabled, you may restart the browsers and verify if Java is not detected via the following link.
      http://java.com/en/download/installed.jsp

    • Only enable Java temporarily in trusted sites (e.g. government and banks) when necessary. Do not browse any other websites when Java is enabled, disable it immediately after use.
    • [Update on 17/01/13] As a best practice of security, you should not install any software that you do not require. If you are not sure if you need Java, you can follow the steps in the workaround section to disable Java for some time to verify before you uninstall Java.

 


Vulnerability Identifier


Source


Related Link