Release Date | Dec 13, 2011 |
Severity | critical |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems |
Description | This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Oracle's Java Runtime Environment (JRE) and Java Development Kit (JDK). The vulnerability is due to an improper boundary check condition in the application. As a result, an attacker can trick an unsuspecting user into visiting a malicious webpage and execute arbitrary code within the context of the application. |
Affected Products | Oracle JDK and JRE 5.0 Update 31 and earlier versions; Oracle JDK and JRE 6 Update 27 and earlier versions; Oracle JDK and JRE 7; Oracle JRockit R28.1.4 and earlier versions; Oracle SDK and JRE 1.4_2_33 and earlier versions |
Recommended Actions | Apply the most recent upgrade or patch from the vendor. http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2011-3545 |
Reference/s | http://www.securityfocus.com/bid/50220 (BugTraq) |