OSVDB ID: 85088

Title: Oracle Java SE / JRE Sandbox Bypass Multiple Method Arbitrary Code Execution

Info

Disclosure

Aug 31, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Oracle Java SE / JRE contains an multiple flaws that may allow an attacker to bypass sandbox restrictions and execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Private
Disclosure: Coordinated Disclosure

Solution

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Disable Java, at least in your web browser, to significantly reduce the chance of attack.

Products

Oracle Corporation	Java SE	7 Update 7
Oracle Corporation	Java JRE	7 Update 7

References

Security Tracker: 1027466
Mail List Post: http://seclists.org/bugtraq/2012/Nov/63
http://seclists.org/bugtraq/2012/Nov/73
http://seclists.org/bugtraq/2012/Sep/109
http://seclists.org/fulldisclosure/2012/Nov/125
News Article: http://www.infoworld.com/d/security/researchers-find-critical-vulnerability-in-java-7-patch-hours-after-its-release-201472
http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/
Other Advisory URL: http://www.security-explorations.com/en/SE-2012-01-details.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85088

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Oracle Corporation

Java SE

Java JRE

References

Credit