Sun Java JRE Multiple Vulnerabilities (Linux) Network Vulnerability

Summary

This host is installed with Sun Java Deployment Toolkit and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows execution of arbitrary code by tricking a user into visiting a malicious web page. Impact Level: Application

Solution

Upgrade to Sun Java version 6 Update 20, For updates refer to http://java.sun.com/javase/6/

Insight

The flaws are due to an input validation error in 'JRE' that does not properly validate arguments supplied via 'javaw.exe' before being passed to a 'CreateProcessA' call, which could allow remote attackers to automatially download and execute a malicious JAR file hosted on a network.

Affected

Sun Java version 6 Update 19 and prior on Linux.

References

http://www.kb.cert.org/vuls/id/886582
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1
http://www.vupen.com/english/advisories/2010/0853

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0886, CVE-2010-0887, CVE-2010-1423

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe Dreamweaver Insecure Library Loading Vulnerability
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)

Take action and discover your vulnerabilities