Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Oracle Java Multiple Vulnerabilities

-

Release Date:  2012-06-13    Last Update:  2012-12-21    Views:  49,497

Secunia Advisory SA49472

Where:

From remote

Impact:

Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) An error in the "BasicService.showDocument" Java Webstart function allows passing additional parameters to a browser, which depending on the used default browser may allow execution of arbitrary code.

2) An error when handling System Properties through JNLP files can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

3) An error in the Deployment subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

4) An error in the Hotspot subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

5) An error in the Hotspot subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

6) An error in the Swing subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

Successful exploitation of vulnerabilities #1 through #6 may allow execution of arbitrary code.

7) An error in the CORBA subcomponent can be exploited to disclose and manipulate some data via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

8) An error in the Libraries subcomponent can be exploited to disclose and manipulate some data via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

9) An error in the Deployment subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

For more information see vulnerability #2:
SA48798

10) An error in the CORBA subcomponent can be exploited to manipulate some data via untrusted Java Web Start applications and untrusted Java applets in a client deployment only.

11) An error in the JAXP subcomponent can be exploited to manipulate some data and cause a DoS via untrusted Java Web Start applications and untrusted Java applets or specially crafted data passed to certain APIs.

12) An error in the Security subcomponent can be exploited to cause a DoS via untrusted Java Web Start applications and untrusted Java applets or specially crafted data passed to certain APIs.

13) An error in the Networking subcomponent can be exploited by local users to manipulate some data and cause a DoS to a server deployment running on Solaris only.

14) An error in the printing functionality due to creating temporary spool files with insecure permissions can be exploited to disclose the contents of printed documents owned by other users.

The vulnerabilities are reported in the following products:
* JDK and JRE version 7 Update 4 and prior.
* JDK and JRE version 6 Update 32 and prior.
* JDK and JRE version 5.0 Update 35 and prior.
* SDK and JRE version 1.4.2_37 and prior.


Solution:
Apply updates.

Provided and/or discovered by:
1, 2) Chris Ries via ZDI.
14) Andrei Costin via Secunia.

It is currently unclear who reported the rest of the vulnerabilities as the Oracle Java Critical Patch Update for June 2012 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
http://www.oracle.com/technetwork/topics/security/javacpujun2012verbose-1515971.html

Andrei Costin:
http://andreicostin.com/index.php/brain/2012/06/15/acsa_2012_03_java_print_spooling_data_le

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-142/
http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0206.html

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Oracle Java Multiple Vulnerabilities

User Message
poipu96756 RE: Oracle Java Multiple Vulnerabilities
Member 19th Jun, 2012 18:32
Score: 1
Posts: 1
User Since: 10th May 2012
System Score: N/A
Location: KH
Last edited on 19th Jun, 2012 18:32
why are the updates provided by Secunia unsigned? is this dangerous?
Was this reply relevant?
+1
-0

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability