Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows) Network Vulnerability

Summary

This host is installed with Oracle Java SE and is prone to code execution vulnerability.

Impact

Successful exploitation allows remote attackers to bypass the Java sandbox restriction and execute arbitrary code. Impact Level: System/Application

Solution

Apply the patch from below link http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

Insight

The 'AtomicReferenceArray' class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions.

Affected

Oracle Java SE versions 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier

References

http://secunia.com/advisories/48589
http://www.metasploit.com/modules/exploit/multi/browser/java_atomicreferencearray
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://www.osvdb.org/show/osvdb/80724

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0507

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Unspecified vulnerability
Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Windows)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)

Take action and discover your vulnerabilities