V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code

April 25, 2013 - 12:14am

PROBLEM:

Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): 7 Update 21 (1.7.0_21-b11); possibly other versions

Java Server JRE is also affected.

ABSTRACT:

A vulnerability was reported in Oracle Java.

REFERENCE LINKS:

SecurityTracker Alert ID: 1028466
Oracle

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote user can create a specially crafted Java application that, when loaded and approved by the target user, will trigger a flaw in the Reflection API to bypass the security sandbox.

IMPACT:

A remote user can create a Java file that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

No solution was available at the time of this entry.
