
Test ID: 1.3.6.1.4.1.25623.1.0.902167
Category: General
Title: Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows)
Summary: This host is installed with Sun Java Deployment Toolkit and is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The flaws are due to an input validation error in the 'JDK', which does not
properly validate arguments supplied via 'javaw.exe' before they are passed to a
'CreateProcessA' call. This could allow remote attackers to automatically
download and execute a malicious JAR file hosted on a network.

Vulnerability Impact:
Successful exploitation allows execution of arbitrary code by tricking a user
into visiting a malicious web page.

Affected Software/OS:
Sun Java version 6 Update 19 and prior on Windows.

Solution:
Upgrade to Sun Java version 6 Update 20.

Workaround:
Set the killbit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 39492
Common Vulnerability Exposure (CVE) ID: CVE-2010-0886
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
HP Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216
http://secunia.com/advisories/39819
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1
http://www.vupen.com/english/advisories/2010/1191
Common Vulnerability Exposure (CVE) ID: CVE-2010-0887
Common Vulnerability Exposure (CVE) ID: CVE-2010-1423
CERT/CC vulnerability note: VU#886582
http://www.kb.cert.org/vuls/id/886582
http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1
http://osvdb.org/63648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090
http://www.securitytracker.com/id?1023840
http://secunia.com/advisories/39260
http://www.vupen.com/english/advisories/2010/0853
XForce ISS Database: jre-toolkit-command-execution(57615)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57615
Copyright: Copyright (C) 2010 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.