Summary
This host is installed with Sun Java Deployment Toolkit and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows execution of arbitrary code by tricking a user into visiting a malicious web page.
Impact Level: Application
Solution
Upgrade to Sun Java version 6 Update 20.
For updates refer to http://java.sun.com/javase/6/
Workaround:
Set the killbit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}; see http://support.microsoft.com/kb/240797
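The workaround can be audited and applied from PowerShell. The script below is an added example, not part of the original advisory; it assumes the registry location and the 0x400 "Compatibility Flags" value documented in KB240797, and the -Apply switch is a hypothetical name chosen for this example.

```powershell
# Added example, not part of the original advisory.
# Run without -Apply to report; -Apply (hypothetical switch name) needs an elevated session.
param([switch]$Apply)

$Clsid   = '{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}'   # CLSID from the workaround above
$KillBit = 0x400                                      # kill bit in "Compatibility Flags" (KB240797)
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads the redirected view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$KeyPath)
    # Returns the current flags value, or 0 when the key or value is absent
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return $item.'Compatibility Flags'
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present on this system
    $key   = Join-Path $root $Clsid
    $flags = Get-CompatFlags $key

    if ($Apply -and (($flags -band $KillBit) -eq 0)) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any other compatibility flags already set are preserved
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($flags -bor $KillBit) -Force | Out-Null
        $flags = Get-CompatFlags $key
    }

    # One result object per registry view, suitable for fleet-wide collection
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = (($flags -band $KillBit) -ne 0)
    }
}
```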
Insight
The flaws are due to an input validation error in 'JDK' that does not properly validate arguments supplied via 'javaw.exe' before they are passed to a 'CreateProcessA' call, which could allow remote attackers to automatically download and execute a malicious JAR file hosted on a network.
Affected
Sun Java version 6 Update 19 and prior on Windows.
Severity
Classification
CVE: CVE-2010-0886, CVE-2010-0887, CVE-2010-1423
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C