Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jre 1.7.0 |
||
oracle jdk 1.7.0 |
Cheers, dears, I'll just pop through that backdoor...
Cybercrooks have begun distributing an item of malware that poses as a Java security update. Oracle released a new version of Java 7 (Java 7u11) on Sunday (13 January) to addresses zero-day vulnerability that has been exploited in the wild. The update was important because the underlying exploit had been "weaponised" and bundled in widely available black market exploit kits in the week prior to Oracle's security update. The security flap generated plenty of attention, especially after US CERT wa...