Sun Java JRE Multiple Vulnerabilities (Linux) Network Vulnerability

Summary

This host is installed with Sun Java Deployment Toolkit and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows execution of arbitrary code by tricking a user into visiting a malicious web page. Impact Level: Application

Solution

Upgrade to Sun Java version 6 Update 20, For updates refer to http://java.sun.com/javase/6/

Insight

The flaws are due to an input validation error in 'JRE' that does not properly validate arguments supplied via 'javaw.exe' before being passed to a 'CreateProcessA' call, which could allow remote attackers to automatially download and execute a malicious JAR file hosted on a network.

Affected

Sun Java version 6 Update 19 and prior on Linux.

References

http://www.kb.cert.org/vuls/id/886582
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1
http://www.vupen.com/english/advisories/2010/0853

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0886, CVE-2010-0887, CVE-2010-1423

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
Adobe Captivate Insecure Library Loading Vulnerability

Take action and discover your vulnerabilities