
U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

October 19, 2011 - 6:00pm


PROBLEM:

Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service.

PLATFORM:

Oracle JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior

ABSTRACT:

A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

REFERENCE LINKS:

Oracle Critical Patch Updates and Security Alerts
Oracle Java SE Critical Patch Update Advisory - October 2011
SecurityTracker Alert ID: 1026215
CVE-2011-3156,CVE-2011-3521,CVE-2011-3544
CVE-2011-3545,CVE-2011-3546,CVE-2011-3547
CVE-2011-3548,CVE-2011-3549,CVE-2011-3550
CVE-2011-3551,CVE-2011-3552,CVE-2011-3553
CVE-2011-3554,CVE-2011-3555,CVE-2011-3556
CVE-2011-3557,CVE-2011-3558,CVE-2011-3560
CVE-2011-3561

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Java Runtime Environment (JRE). A remote user can execute arbitrary code on the target system or cause denial of service conditions. A remote user can create a specially crafted Java applet or Java Web Start application that, when loaded by the target user, will access or modify data on the target user's system or execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

Impact:

A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix, described in their October 2011 Oracle Java SE Critical Patch Update.
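
To find hosts that still run a release named under PLATFORM, the added example below (not part of the original bulletin or of any Oracle tooling) parses a legacy Java version string, such as the first line of `java -version` output, and compares it with the listed thresholds. It assumes "JDK and JRE 7" means the initial 7 release (1.7.0 with no update suffix) and reports release families the bulletin does not list as "not covered" for manual review; the function names and sample strings are constructed for illustration.

```python
import re

# Last affected update per release family, taken from the PLATFORM line.
# Assumption: "JDK and JRE 7" is the initial 7 release (1.7.0, update 0).
LAST_AFFECTED = {
    (1, 7, 0): 0,
    (1, 6, 0): 27,
    (1, 5, 0): 31,
    (1, 4, 2): 33,
}

# Legacy version strings look like 1.6.0_27, 1.7.0 or 1.5.0_31-b03.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return ((major, minor, micro), update) for the first version in text."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no Java version string found in %r" % text)
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4) or 0)  # no "_NN" suffix means update 0
    return family, update


def status(text):
    """Classify a version string against the bulletin's PLATFORM list."""
    family, update = parse_version(text)
    if family not in LAST_AFFECTED:
        return "not covered"  # family not named in the bulletin
    return "affected" if update <= LAST_AFFECTED[family] else "not listed"


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> first line of `java -version`.
    inventory = {
        "host-a": 'java version "1.6.0_27"',
        "host-b": 'java version "1.6.0_29"',
        "host-c": 'java version "1.7.0"',
        "host-d": 'java version "1.4.2_33"',
    }
    for host, line in sorted(inventory.items()):
        print(host, line, "->", status(line))
```

A result of "not listed" means only that the update number is above the bulletin's threshold for that family; check the vendor advisory for the current fixed release.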

 
