V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

March 5, 2013 - 12:53am

PROBLEM:

Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

PLATFORM:

Oracle Java 5 Update 40, 6 Update 41, 7 Update 15

ABSTRACT:

A vulnerability was reported in Oracle Java.

REFERENCE LINKS:

SecurityTracker Alert ID: 1028237
Oracle Security Alert for CVE-2013-1493
CVE-2013-1493
CVE-2013-0809

IMPACT ASSESSMENT:

High

DISCUSSION:

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.

IMPACT:

A remote user can cause arbitrary code to be executed on the target user's system.

SOLUTION:

The vendor has issued a fix (5 Update 41, 6 Update 43, 7 Update 17).
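
To confirm that endpoints carry the fix releases listed above, the following added example (not part of the original bulletin or any vendor tooling) classifies `java -version` strings against 5 Update 41, 6 Update 43 and 7 Update 17. The host names and inventory lines are constructed, and the code assumes that any lower update in the same family lacks the fix.

```python
import re

# First fixed update per Java family, taken from the SOLUTION section above.
FIXED_UPDATE = {5: 41, 6: 43, 7: 17}

# Legacy version string printed by `java -version`, e.g. 1.7.0_15 or 1.6.0_41-b02.
VERSION_RE = re.compile(r'(?<![\d.])1\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_java_version(text):
    """Return (family, update) from a legacy 1.x.y_uu string, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # A GA build such as "1.7.0" has no _uu suffix; treat it as update 0.
    return int(m.group(1)), int(m.group(3) or 0)

def classify(text):
    """Classify one `java -version` line against the advisory's fix releases."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "not-covered"  # family is not listed in this advisory
    return "fixed" if update >= fixed else "needs-update"

def hosts_needing_update(inventory):
    """Return sorted host names whose JRE is below the fix release."""
    return sorted(h for h, line in inventory.items()
                  if classify(line) == "needs-update")

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_15"',
    "ws-02": 'java version "1.7.0_17"',
    "ws-03": 'java version "1.6.0_41-b02"',
    "ws-04": 'java version "1.6.0_43"',
    "ws-05": 'java version "1.5.0_40"',
    "ws-06": 'java version "1.7.0"',
    "ws-07": 'java version "1.4.2_19"',
    "ws-08": "sh: java: command not found",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]))
    print("needs update:", hosts_needing_update(SAMPLE_INVENTORY))
```

Hosts reported as `unparsed` or `not-covered` fall outside what this bulletin addresses and need separate review.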