The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and previous versions, 6 Update 41 and previous versions, and 5.0 Update 40 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Vulnerable Product |
---|
oracle jre 1.7.0 |
oracle jre |
sun jre 1.5.0 |
oracle jre 1.5.0 |
sun jdk 1.6.0 |
oracle jdk 1.6.0 |
oracle jdk |
sun jre 1.6.0 |
oracle jre 1.6.0 |
sun jdk 1.5.0 |
oracle jdk 1.5.0 |
oracle jdk 1.7.0 |
One of the biggest problems facing the IT security industry is the use of vulnerabilities in legitimate software to launch malware attacks. Malicious programs can use these vulnerabilities to infect a computer without attracting the attention of the user – and, in some cases, without triggering an alert from security software. That’s why cyber criminals prefer these attacks, known as exploits, over other infection methods. Unlike social engineering, which can be hit or miss, the use of vulne...
Emergency patches issued for two more exploits
Oracle has issued a rare emergency patch to address two vulnerabilities in the Java plugin for web browsers that the company says are being actively exploited. "Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 'in the wild,' Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible," the company announced. The exploits were first reported on Friday by security firm FireEye, which urged all six Java ...
Disable Java, wait for patch, you all know the drill...
A new Java zero-day vulnerability is being exploited by attackers, and until it is patched everyone should disable Java in their browser. The vulnerability targets browsers that have the latest version of the Java plugin installed – Java v1.6 Update 41 and Java v1.7 Update 15 – malware researchers FireEye reported on Thursday. It has been used to attack multiple customers, FireEye said. "We urge users to disable Java in your browser until a patch has been released; alternatively, set your Ja...