The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and previous versions, and OpenJDK 6 and 7, allows remote malicious users to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle jre 1.7.0 |
||
oracle jdk 1.7.0 |