Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Oracle Java Multiple Vulnerabilities
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Vulnerabilities
See the original Secunia advisory:
Oracle Java Multiple Vulnerabilities
| Secunia | Oracle Java Multiple Vulnerabilities |
|---|---|
 |
19th Jun, 2012 18:32 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An error in the 2D subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets or specially crafted data passed to certain APIs. 2) An error in the Deployment subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 3) An error in the Deployment subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 4) An error in the Hotspot subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 5) An error in the Hotspot subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 6) An error in the Swing subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. Successful exploitation of vulnerabilities #1 through #6 may allow execution of arbitrary code. 7) An error in the CORBA subcomponent can be exploited to disclose and manipulate some data via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 8) An error in the Libraries subcomponent can be exploited to disclose and manipulate some data via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 9) An error in the Deployment subcomponent can be exploited via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. For more information see vulnerability #2: SA48798 10) An error in the CORBA subcomponent can be exploited to manipulate some data via untrusted Java Web Start applications and untrusted Java applets in a client deployment only. 11) An error in the JAXP subcomponent can be exploited to manipulate some data and cause a DoS via untrusted Java Web Start applications and untrusted Java applets or specially crafted data passed to certain APIs. 12) An error in the Security subcomponent can be exploited to cause a DoS via untrusted Java Web Start applications and untrusted Java applets or specially crafted data passed to certain APIs. 13) An error in the Networking subcomponent can be exploited by local users to manipulate some data and cause a DoS to a server deployment running on Solaris only. 14) An error in the printing functionality due to creating temporary spool files with insecure permissions can be exploited to disclose the contents of printed documents owned by other users. The vulnerabilities are reported in the following products: * JDK and JRE version 7 Update 4 and prior. * JDK and JRE version 6 Update 32 and prior. * JDK and JRE version 5.0 Update 35 and prior. * SDK and JRE version 1.4.2_37 and prior. |
| poipu96756 | RE: Oracle Java Multiple Vulnerabilities | ||||||||
|
19th Jun, 2012 18:32 | ||||||||
| Score: 1 Posts: 1 User Since: 10th May 2012 System Score: N/A Location: KH Last edited on 19th Jun, 2012 18:32 |
why are the updates provided by Secunia unsigned? is this dangerous? | ||||||||
|
|||||||||
