Oracle Java Unspecified Code Execution Vulnerability
Secunia Advisory SA50133
Release Date 2012-08-27
Criticality level Extremely criticalExtremely critical
Impact System access
Where From remote
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Unpatched
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Remediation status Secunia VIM
Software:
Oracle Java JRE 1.7.x / 7.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) No CVE references.
Description
A vulnerability has been discovered in Oracle Java, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error and can be exploited to download and execute arbitrary programs.
Successful exploitation allows execution of arbitrary code.
NOTE: This is currently being actively exploited in targeted attacks.
The vulnerability is confirmed in version 7 update 6 build 1.7.0_06-b24. Other versions may also be affected.
Solution
No official solution is currently available.
Provided and/or discovered by
Reported as a 0-day.
Original Advisory
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
Posljednje sigurnosne preporuke