PROBLEM:
Oracle Java Flaw Lets Remote Users Execute Arbitrary Code
PLATFORM:
Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier
ABSTRACT:
A vulnerability was reported in Oracle Java.
REFERENCE LINKS:
Seclists.org
Vulnerability Note VU#625617
SecurityTracker Alert ID: 1027972
Malware.dontneedcoffee.com
CVE-2013-0422
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
This vulnerability is being actively exploited.
IMPACT:
A remote user can create Java content that, when loaded by the target user, will execute arbitrary code on the target user's system.
SOLUTION:
Oracle Security Alert for CVE-2013-0422
Oracle strongly recommends that customers apply the updates as soon as possible.
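
To help prioritize the update, the check below classifies hosts against the range in the PLATFORM field (Java 7 Update 10 and earlier) using the first line of `java -version` output. It is an added example, not part of the original bulletin or Oracle's tooling; the function names, host names and sample banners are constructed for illustration.

```python
import re

# Upper bound taken from the PLATFORM field: Java 7 Update 10 and earlier.
MAX_AFFECTED_UPDATE = 10

# Legacy banner: java version "1.7.0_10"; the GA release has no "_NN" part.
_BANNER_RE = re.compile(r'version "(\d+)\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_banner(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    first, second, update = m.groups()
    # Legacy releases report "1.<major>"; later ones lead with the major.
    major = int(second) if first == "1" else int(first)
    return major, int(update or 0)


def in_advisory_range(banner):
    """True or False when the banner parses; None when it needs manual review."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    major, update = parsed
    # Compare the update as an integer, never as a string.
    return major == 7 and update <= MAX_AFFECTED_UPDATE


def triage(inventory):
    """Group host names by classification."""
    groups = {"in_range": [], "out_of_range": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        verdict = in_advisory_range(banner)
        key = "unknown" if verdict is None else ("in_range" if verdict else "out_of_range")
        groups[key].append(host)
    return groups


# Constructed sample inventory (host names and banners are made up).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"',
    "ws-02": 'java version "1.7.0"',
    "ws-03": 'java version "1.7.0_11"',
    "ws-04": 'java version "1.6.0_38"',
    "ws-05": 'java version "17.0.2" 2022-01-18',
    "ws-06": "sh: java: command not found",
}
```

Hosts in the `unknown` group returned no parseable banner and need manual review rather than being treated as clear.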