Release Date | May 10, 2011 |
Severity | low |
Impact | System compromise |
Description | This indicates a possible attack against an arbitrary remote code execution vulnerability in the Java Runtime Environment (JRE), in Oracle Java SE and Java for Business 6, which is caused by improper user-input data sanitization. |
Affected Products | Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier. |
Recommended Actions | Oracle has issued an update: http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2010-4452 |
References | http://fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explain |