Summary
This host is installed with Sun Java JRE and is prone to Remote Code Execution Vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary code in the context of the affected application.
Impact Level: Application.
Solution
Upgrade to JRE version 6 Update 17
http://java.sun.com/javase/downloads/index.jsp
Insight
- A command execution vulnerability in the Java Runtime Environment Deployment Toolkit may be exploited via specially crafted web pages.
- An error occurs while using security model permissions when removing installer extensions and may allow an untrusted applications to run as a trusted application.
- An error occurs while handling interaction between a signed JAR file and a JNLP application or applet.
Affected
Sun Java JRE 6 prior to 6 Update 17 on Windows.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-3865, CVE-2009-3866, CVE-2009-3886 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities