OSVDB ID: 73078

Title: Oracle Java SE / JRE Java Web Start File Search Path Settings Files Loading Remote Code Execution

Info

Disclosure

Jun 09, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 08, 2011

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Oracle Corporation

Java JRE/JDK (Java SE)

6 Update 25
5.0 Update 29
6 Update 25

Java SDK

1.4.2_31

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/73078