Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

Java - Remote hacker automatic control

Version: J2SE
Technical Details:

Java Web Start may provide access to overwrite local files and pass control of the system to a remote attacker that has convinced a user to interact with a malicious Java application via the Internet. Arbitrary code execution is possible within the context of the local user.

Specifically, JRE 6.0 Update 1 and earlier is vulnerable on Windows platforms. This is an extension of the previously reported Java vulnerability to take into account the vulnerability of JRE 6

Description:

Information Security firm, eEye, reports that the vulnerabilities that were reported earlier this month that affected J2SE now extend to JRE 6.0 (which was specifically mentioned as not being vulnerable by Sun). These vulnerabilities can lead to situations where a remote attacker is able to take control of the victim's system in the context of the current victim's privilege level.

This only affects the Windows version of the platform

Mitigation:

Apply the updates for J2SE at the earliest opportunity

Updates:

http://java.sun.com/javase/downloads/index.jsp

Source:

http://www.eeye.com

Exploits:

External Tracking Data:

Sun Alert ID: 102957


Social bookmark this page