Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows malicious users to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun jre |
||
sun jre 1.6.0 |
||
sun jdk 1.6.0 |
||
sun jdk |
||
sun jdk 1.5.0 |
||
sun sdk 1.4.2_13 |
||
sun sdk 1.4.2_14 |
||
sun sdk 1.4.2_4 |
||
sun sdk 1.4.2_5 |
||
sun sdk 1.4.2_22 |
||
sun sdk 1.4.2_23 |
||
sun sdk 1.4.2_02 |
||
sun sdk 1.4.2_1 |
||
sun sdk 1.4.2_10 |
||
sun sdk 1.4.2_17 |
||
sun sdk 1.4.2_18 |
||
sun sdk 1.4.2_8 |
||
sun sdk 1.4.2_9 |
||
sun sdk 1.4.2_11 |
||
sun sdk 1.4.2_12 |
||
sun sdk 1.4.2_19 |
||
sun sdk 1.4.2_3 |
||
sun sdk 1.4.2_20 |
||
sun sdk 1.4.2_21 |
||
sun sdk 1.4.2 |
||
sun sdk 1.4.2_15 |
||
sun sdk 1.4.2_16 |
||
sun sdk 1.4.2_6 |
||
sun sdk 1.4.2_7 |
||
sun sdk 1.4.2_24 |
||
sun sdk |
||
sun jre 1.5.0 |
||
sun jre 1.4.2_5 |
||
sun jre 1.4.2_6 |
||
sun jre 1.4.2_12 |
||
sun jre 1.4.2_1 |
||
sun jre 1.4.2_2 |
||
sun jre 1.4.2_9 |
||
sun jre 1.4.2_16 |
||
sun jre 1.4.2_17 |
||
sun jre 1.4.2_3 |
||
sun jre 1.4.2_4 |
||
sun jre 1.4.2_10 |
||
sun jre 1.4.2_11 |
||
sun jre 1.4.2_18 |
||
sun jre 1.4.2_19 |
||
sun jre 1.4.2_13 |
||
sun jre 1.4.2_20 |
||
sun jre 1.4.2_21 |
||
sun jre 1.4.2_22 |
||
sun jre 1.4.2 |
||
sun jre 1.4.2_7 |
||
sun jre 1.4.2_8 |
||
sun jre 1.4.2_14 |
||
sun jre 1.4.2_15 |
||
sun jre 1.4.2_23 |
||
sun jre 1.4.2_24 |
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...
At Virus Bulletin 2011, we presented on the exploding level of delivered Java exploits this year with “Firing the roast – Java is heating up again”. We examined CVE-2010-0840 exploitation in detail, along with variants of its most common implementation on the web and some tools and tips for analysis. Microsoft’s security team presented findings for 2011 that mirrored ours in relation to Java exploit prevalence on the web – it is #1! At the same time, aside from the recent, well-known B...
The following statistics were compiled in March using data from computers running Kaspersky Lab products: We have already written on a number of occasions that criminals are not averse to exploiting tragedies, and the Japanese earthquake and tsunami, plus the death of Elizabeth Taylor, did nothing to buck this trend. Thousands of people in Japan have lost loved ones and have been left homeless, while the world looks on in trepidation as events unfold at the Fukushima nuclear plant. But that hasn...
Over the past couple months, some advertising networks have been distributing ads that redirect browsers to sites hosting exploits. Spotify’s advertising network was most recently outed (note that it is the third party banner ads rotating through the client’s ad frames). Most of the redirections we have been monitoring have sent users to a variety of servers in the .cc TLD. We have been working with providers to ensure the ads aren’t on their networks, but the groups have been active ...
The following statistics were compiled in February using data from computers running Kaspersky Lab products: February saw considerable growth in the use of Cascading Style Sheets (CSS) that contain partial data for script downloaders, a new method for spreading malware that makes it much harder for many antivirus solutions to detect malicious scripts. This method is currently being used in the majority of drive-by download attacks and allows cybercriminals to download exploits to users’ machin...