Sun Java Deployment Toolkit Remote Argument Injection Vulnerability
RISK: Medium Risk
A vulnerability has been identified in Sun Java JRE/JDK, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an input validation error in the Java Deployment Toolkit, which does not properly validate arguments supplied via "javaw.exe" before they are passed to a "CreateProcessA" call. This could allow remote attackers to automatically download and execute a malicious JAR file hosted on a network share by tricking a user into visiting a specially crafted web page.
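The defensive side of the bug class described above, as an added example that is not Sun's code and not part of the original advisory: a launcher checks an untrusted URL before placing it on a command line handed to a process-creation call such as CreateProcessA. The function name `is_safe_launch_url`, the scheme and character allow-lists, the length limit and the sample inputs are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the advisory): true only if `url` may be
 * placed as one argument on a command line given to a child process. */
bool is_safe_launch_url(const char *url)
{
    static const char *const schemes[] = { "http://", "https://" };
    size_t i, len, skip = 0;

    if (url == NULL)
        return false;
    len = strlen(url);
    if (len > 2048)                     /* assumed length limit */
        return false;

    /* Scheme allow-list (lowercase only). Requiring a known prefix rejects
     * option-like input, UNC network-share paths and file: URLs at once. */
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t n = strlen(schemes[i]);
        if (len > n && strncmp(url, schemes[i], n) == 0) {
            skip = n;
            break;
        }
    }
    if (skip == 0)
        return false;

    /* Character allow-list: no whitespace, quotes or backslashes, so the
     * value cannot split into extra arguments when the line is parsed. */
    for (i = skip; i < len; i++) {
        unsigned char c = (unsigned char)url[i];
        if (!isalnum(c) && strchr("-._~/:?&=%+#@", c) == NULL)
            return false;
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "https://example.com/apps/demo.jnlp",
                              "-option", "\\\\fileserver\\share\\app.jar" };
    for (size_t i = 0; i < 3; i++)
        printf("%-40s %s\n", samples[i],
               is_safe_launch_url(samples[i]) ? "accept" : "reject");
    return 0;
}
```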
Impact
- Remote Code Execution
System / Technologies affected
- Sun Java JDK version 6 Update 19 and prior
- Sun Java JRE version 6 Update 19 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Upgrade to Sun Java JDK and JRE 6 Update 20:
http://java.sun.com/javase/downloads/index.jsp
Vulnerability Identifier
Source