Oracle Java Multiple Vulnerabilities

Last Update Date: 20 Feb 2013 16:24 Release Date: 20 Feb 2013 4288 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Application Platforms

TYPE: Application Platforms

Multiple vulnerabilities have been identified in Oracle Java. A remote user can cause arbitrary code to be executed, and partially modify data on the target system.

  1. A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. The Libraries, JMX, and Deployment components are affected.
  2. A remote user can partially modify data on the target system. The Libraries component is affected.

Impact

  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Versions 1.4.2_41 and prior
  • Versions 5.0 Update 39 and prior
  • Version 6 Update 39
  • Versions 7 Update 13 and prior

Solutions

[1]  Before installation of the software, please visit the software manufacturer web-site for more details.

 

[2]  Note: Java 6 end of support

  • Public updates of Java 6 will be ended by Feb 2013. If you have confirmed with your IT support or software vendor that their Java based software/website supports Java 7, please upgrade to Java 7 now. For more information, please refer to the announcement from Oracle.

 

[3]  If you cannot apply this patch immediately, please use workarounds:

 

  • Java 7 update 10 or later:

    Disable Java in web browsers.
    http://www.java.com/en/download/help/disable_browser.xml

     

    It is recommended to have the latest version of Java installed. 
    http://java.com/en/download/faq/remove_olderversions.xml

  • Prior to Java 7 update 10:

    If you are using Internet Explorer with older versions of Java, you can disable Java by following steps
    1. In the Windows Control panel, change the View setting to "Classic View" in (Windows XP and Windows Vista) Or "Large icons" in (Windows 7) . 
    2. Open the Java item, select the "Advanced" tab. On "Default Java for Browser", click "+" to expand the options。
    3. Select "Microsoft Internet Explorer", and then press the "Space" in keyboard to uncheck the selection.

    For other browsers and OS, please refer to the following URL:
    /my_url/en/blog/12082902#howtoprotect

     
  • Verify Java disabled:
    Once you have Java disabled, you may restart the browsers and verify if Java is not detected via the following link.
    http://java.com/en/download/installed.jsp


     

  • Only enable Java temporarily in trusted sites (e.g. government and banks) when necessary. Do not browse any other websites when Java is enabled, disable it immediately after use.

 

[4]  Best practice of security

  • As a best practice of security, you should not install any software that you do not require. If you are not sure if you need Java, you can follow the steps in the workaround section to disable Java for some time to verify before you uninstall Java.

Vulnerability Identifier

Source

Related Link

Share with

Previous

FFmpeg Multiple Vulnerabilities

14 Feb 2013 3949 Views

Next

Apple Mac OS X and Java Multiple Vulnerabilities

20 Feb 2013 3820 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY