Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Sun Java Deployment Toolkit and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows execution of arbitrary code by tricking a user into visiting a malicious web page. Impact Level: Application

Solution

Upgrade to Sun Java version 6 Update 20, For updates refer to http://java.sun.com/javase/6/ Workaround: Set the killbit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} http://support.microsoft.com/kb/240797

Insight

The flaws are due to input validation error in 'JDk' that does not properly validate arguments supplied via 'javaw.exe' before being passed to a 'CreateProcessA' call, which could allow remote attackers to automatially download and execute a malicious JAR file hosted on a network.

Affected

Sun Java version 6 Update 19 and prior on Windows.

References

http://www.kb.cert.org/vuls/id/886582
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1
http://www.vupen.com/english/advisories/2010/0853

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0886, CVE-2010-0887, CVE-2010-1423
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)

Take action and discover your vulnerabilities