Release date:
Updated on:
Affected Systems:
Oracle Java
Description:
--------------------------------------------------------------------------------
Java is an application development language launched by Sun.
Oracle JavaFX has a security vulnerability in implementation. When the Java ex Jar file is secure, no user interaction is required. After installation, it may call the master method of a trusted class with any parameters, resulting in remote code execution.
<* Source: Chris Ries
Link: http://packetstormsecurity.org/files/110119/Oracle-Java-True-Type-Font-IDEF-Opcode-Parsing-Remote-Code-Execution.html
Http://www.zerodayinitiative.com/advisories/ZDI-12-038/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.oracle.com/technetwork/topics/security/