Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
BID:39346
Info
Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
| Bugtraq ID: | 39346 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2010 12:00AM |
| Updated: | Apr 15 2010 12:43PM |
| Credit: | Tavis Ormandy, Rubén Santamarta |
| Vulnerable: |
Sun JRE (Windows Production Release) 1.6 _13 Sun JRE (Windows Production Release) 1.6 _12 Sun JRE (Windows Production Release) 1.6 _10 Sun JRE (Windows Production Release) 1.6.0_19 Sun JRE (Windows Production Release) 1.6.0_18 Sun JRE (Windows Production Release) 1.6.0_15 Sun JRE (Windows Production Release) 1.6.0_14 Sun JRE (Windows Production Release) 1.6.0_11 Sun JRE (Linux Production Release) 1.6 _13 Sun JRE (Linux Production Release) 1.6 _12 Sun JRE (Linux Production Release) 1.6 _10 Sun JRE (Linux Production Release) 1.6.0_19 Sun JRE (Linux Production Release) 1.6.0_18 Sun JRE (Linux Production Release) 1.6.0_15 Sun JRE (Linux Production Release) 1.6.0_14 Sun JRE (Linux Production Release) 1.6.0_11 |
| Not Vulnerable: | |
Discussion
Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
Java Runtime Environment (JRE) is prone to arbitrary code-execution vulnerabilities that affect multiple Java plugins for multiple browsers.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications.
The issues affect Java Runtime Environment versions 1.6.0_10 and later (JRE 6 Update 10 and later); other versions may also be vulnerable.
Java Runtime Environment (JRE) is prone to arbitrary code-execution vulnerabilities that affect multiple Java plugins for multiple browsers.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications.
The issues affect Java Runtime Environment versions 1.6.0_10 and later (JRE 6 Update 10 and later); other versions may also be vulnerable.
Exploit / POC
Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
Reports indicate that this issue is being exploited in the wild.
The following exploits are available:
Reports indicate that this issue is being exploited in the wild.
The following exploits are available:
Solution / Fix
Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
Solution:
Oracle has released Java Runtime Environment 1.6.0_20 (JRE 6 Update 20) which seems to address this vulnerability. Though the vendor has not explicitly confirmed this, the DeepSight team has found that existing exploits no longer function after the Java SE 6u20 update has been applied. Furthermore, the affected DLL file and function where this issue resided have been modified which indicates that the vulnerability has been patched.
Solution:
Oracle has released Java Runtime Environment 1.6.0_20 (JRE 6 Update 20) which seems to address this vulnerability. Though the vendor has not explicitly confirmed this, the DeepSight team has found that existing exploits no longer function after the Java SE 6u20 update has been applied. Furthermore, the affected DLL file and function where this issue resided have been modified which indicates that the vulnerability has been patched.
References
Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
References:
References:
- [0DAY] JAVA Web Start Arbitrary command-line injection - '-XXaltjvm' arbitrary d (Rubén Santamarta)
- Java Deployment Toolkit Performs Insufficient Validation of Parameters (Tavis Ormandy)
- Sun Java Homepage (Sun Microsystems)
- Vulnerability Note VU#886582 (US-CERT)