System compromise in Oracle Java JRE

Posted: September 3, 2012 in Vulnerabilities
Affected versions: Oracle Java JRE 6 update 7 build 1.7.0_06-b24

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

1. The vulnerability is caused by an unspecified error, which can be exploited to compromise a vulnerable system.

Note: The vulnerability is currently being actively exploited.

2. The vulnerability is caused by an unspecified error in the Beans subcomponent. A remote user can execute arbitrary code on the target system.

3. The vulnerability is caused by an unspecified error in the Beans subcomponent. A remote user can execute arbitrary code on the target system.

Note: Security researcher Adam Gowdiak reports that there is no additional vulnerability in the current version of the product.

Manufacturer URL: http://www.oracle.com/

Solution: Install the patch from the manufacturer to resolve the vulnerability.

Links:

http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
http://www.metasploit.com/modules/exploit/multi/browser/java_jre17_exec
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
https://blogs.oracle.com/security/entry/security_alert_for_cve_20121
