English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.803156
Category:General
Title:Oracle Java SE Multiple Remote Code Execution Vulnerabilities - Windows
Summary:Oracle Java SE is prone to multiple code execution vulnerabilities.
Description:Summary:
Oracle Java SE is prone to multiple code execution vulnerabilities.

Vulnerability Insight:
- An error in Java Management Extensions (JMX) MBean components which allows
remote attackers to execute arbitrary code via unspecified vectors.

- An unspecified error exists within the Libraries subcomponent.

NOTE: The vendor reports that only version 7.x is affected. However,
some security researchers indicate that some 6.x versions may
be affected

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code
via unspecified vectors.

Affected Software/OS:
Oracle Java version 7 before Update 11 on windows

Solution:
Upgrade to Oracle Java 7 Update 11 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-3174
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
RedHat Security Advisories: RHSA-2013:0156
http://rhn.redhat.com/errata/RHSA-2013-0156.html
RedHat Security Advisories: RHSA-2013:0165
http://rhn.redhat.com/errata/RHSA-2013-0165.html
SuSE Security Announcement: openSUSE-SU-2013:0199 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
http://www.ubuntu.com/usn/USN-1693-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0422
Bugtraq: 20130110 [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code (Google Search)
http://seclists.org/bugtraq/2013/Jan/48
Cert/CC Advisory: TA13-010A
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
CERT/CC vulnerability note: VU#625617
http://www.kb.cert.org/vuls/id/625617
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
CopyrightCopyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.