V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

January 11, 2013 - 12:01am

PROBLEM:

Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

PLATFORM:

Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier

ABSTRACT:

A vulnerability was reported in Oracle Java.

REFERENCE LINKS:

Seclist.org
Vulnerability Note VU#625617
SecurityTracker Alert ID: 1027972
Malware.dontneedcoffee.com
CVE-2013-0422

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

This vulnerability is being actively exploited.

IMPACT:

A remote user can create Java content that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

Oracle Security Alert for CVE-2013-0422

Oracle strongly recommends that customers apply the updates as soon as possible.
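
To find hosts that still report a release in the range listed under PLATFORM, the following added example (not part of the original advisory) parses the version line printed by `java -version` and flags JRE 1.7 at Update 10 or earlier. The function names and the sample inventory are constructed for illustration.

```python
import re

# Version line printed by `java -version`, e.g.: java version "1.7.0_10"
_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.\d+(?:_(\d+))?[^"]*"')

LAST_LISTED_UPDATE = 10  # advisory PLATFORM: Java 7 Update 10 and earlier


def parse_java_version(banner):
    """Return (major, minor, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    update = int(m.group(3)) if m.group(3) else 0  # "1.7.0" has no update suffix
    return int(m.group(1)), int(m.group(2)), update


def in_advisory_range(banner):
    """True if the banner reports JRE 1.7 at Update 10 or earlier.

    Returns None when no version can be parsed, so unknown hosts get a
    manual review instead of being silently treated as out of range.
    """
    parsed = parse_java_version(banner)
    if parsed is None:
        return None
    major, minor, update = parsed
    return (major, minor) == (1, 7) and update <= LAST_LISTED_UPDATE


def triage(inventory):
    """Split {host: banner} into (hosts in range, hosts needing review)."""
    flagged = sorted(h for h, b in inventory.items() if in_advisory_range(b) is True)
    unknown = sorted(h for h, b in inventory.items() if in_advisory_range(b) is None)
    return flagged, unknown


# Constructed sample inventory: hostname -> first line of `java -version`
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"',
    "ws-02": 'java version "1.7.0"',
    "ws-03": 'java version "1.7.0_09-ea"',
    "ws-04": 'java version "1.7.0_11"',   # above the listed range
    "ws-05": 'java version "1.6.0_38"',   # not the platform this advisory lists
    "ws-06": "java: command not found",   # unparseable, needs review
}

if __name__ == "__main__":
    flagged, unknown = triage(SAMPLE_INVENTORY)
    print("in advisory range:", flagged)
    print("needs manual review:", unknown)
```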

 
