
Sun Java Deployment Toolkit Remote Argument Injection Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 13 Apr 2010

RISK: Medium Risk

A vulnerability has been identified in Sun Java JRE/JDK that remote attackers could exploit to compromise a vulnerable system. The issue is caused by an input validation error in the Java Deployment Toolkit, which does not properly validate arguments supplied via "javaw.exe" before they are passed to a "CreateProcessA" call. By tricking a user into visiting a specially crafted web page, a remote attacker could automatically download and execute a malicious JAR file hosted on a network share.


Impact

  • Remote Code Execution

System / Technologies affected

  • Sun Java JDK version 6 Update 19 and prior
  • Sun Java JRE version 6 Update 19 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to Sun Java JDK and JRE 6 Update 20:
http://java.sun.com/javase/downloads/index.jsp
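
To find hosts still running an affected build, the following added example (not part of the original advisory) parses `java -version` banners and flags anything older than 6 Update 20. The function names and the sample inventory are constructed for illustration, and treating major versions before 6 as "prior" is an assumption about the advisory's wording.

```python
import re

# Per the advisory: JDK/JRE 6 Update 19 and prior are affected; 6 Update 20 is the fix.
FIXED = (6, 20)

# Legacy banner, e.g.  java version "1.6.0_19"  (build suffixes like -b04 are ignored)
_LEGACY = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')
# Newer banner scheme, e.g.  openjdk version "11.0.2"
_MODERN = re.compile(r'version "(\d+)(?:\.\d+)*')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None if unrecognised."""
    m = _LEGACY.search(banner)
    if m:
        # A banner with no "_NN" suffix is the initial release, i.e. update 0.
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN.search(banner)
    if m:
        return int(m.group(1)), 0
    return None


def is_affected(banner):
    """True if older than 6 Update 20, False if not, None if unparseable."""
    version = parse_java_version(banner)
    if version is None:
        return None  # unknown: review by hand rather than assume safe
    return version < FIXED


def audit(inventory):
    """Split {host: banner} into (affected_hosts, unknown_hosts), both sorted."""
    affected = sorted(h for h, b in inventory.items() if is_affected(b) is True)
    unknown = sorted(h for h, b in inventory.items() if is_affected(b) is None)
    return affected, unknown


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE = {
    "ws-01": 'java version "1.6.0_19"\nJava(TM) SE Runtime Environment (build 1.6.0_19-b04)',
    "ws-02": 'java version "1.6.0_20"',
    "ws-03": 'java version "1.6.0"',
    "ws-04": 'openjdk version "11.0.2" 2019-01-15',
    "ws-05": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    affected, unknown = audit(SAMPLE)
    print("affected:", affected)
    print("needs manual review:", unknown)
```

Hosts reported as unknown returned no recognisable banner and should be checked by hand.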


Vulnerability Identifier


Source