Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
Vulnerable Product |
---|
oracle jre 1.6.0 |
oracle jre 1.7.0 |
oracle jre 1.8.0 |
oracle jdk 1.8.0 |
oracle jdk 1.6.0 |
oracle jdk 1.7.0 |

Yes, Java fixes are a dime a dozen. But this one prevents 'total compromise' of machines
Oracle's fired off an out-of-cycle emergency Java patch to plug a during-installation vulnerability on Windows platforms. Dubbed CVE-2016-0603, the bug is complex, in that an attacker would have to trick a user into visiting a compromised Website before installing Java 6, 7 or 8. However, a successful attack results in a “complete compromise” of the target. Getting an attack to work would be very difficult, unless the attacker had also persuaded a suitably inept end user that they'd clicked ...