MA-268.022011 : MyCERT Alert - Critical Vulnerability in Oracle Java SE and Java for Business

1.0 Introduction

A critical vulnerability (CVE-2010-4476) has been identified in Oracle Java SE and Java for Business. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. [1]

2.0 Impact

An attacker who successfully exploits this vulnerability, for example by tricking users into visiting a website that hosts a malicious Java applet, could execute code remotely and gain the same privileges as the user.

3.0 Affected Products

Java SE
- JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
- JDK 5.0 Update 27 and earlier for Solaris 9
- SDK 1.4.2_29 and earlier for Solaris 8

Java for Business
- JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
- JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
- SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux
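
The list above can be turned into an inventory check. The following Python code is an added example, not part of the MyCERT advisory: it parses a legacy Java version string (for instance the first line of `java -version`) and reports whether section 3.0 lists that product, platform and update level as affected. The function names, the table layout and the folding of "Solaris 9" and "Solaris 8" into "solaris" are assumptions made for the example.

```python
import re

ALL = {"windows", "solaris", "linux"}
# Last affected update per release family, transcribed from section 3.0.
# Simplification (assumption): "Solaris 9" / "Solaris 8" are recorded as "solaris".
AFFECTED = {
    "java se": {
        "1.6.0": (23, ALL),
        "1.5.0": (27, {"solaris"}),
        "1.4.2": (29, {"solaris"}),
    },
    "java for business": {
        "1.6.0": (23, ALL),
        "1.5.0": (27, ALL),
        "1.4.2": (29, ALL),
    },
}

# Legacy version strings look like 1.6.0_23 or 1.6.0_23-b05; a release
# without any update applied is just 1.6.0 (treated as update 0).
VERSION_RE = re.compile(r"\b(1\.\d+\.\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (family, update) from a version string or `java -version` line."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Java version found in {text!r}")
    return m.group(1), int(m.group(2) or 0)


def is_affected(version_text, product, platform):
    """True/False if the advisory lists this combination, None if it does not."""
    family, update = parse_version(version_text)
    entry = AFFECTED[product.lower()].get(family)
    if entry is None or platform.lower() not in entry[1]:
        return None  # combination not covered by the advisory's list
    return update <= entry[0]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    for line, product, platform in [
        ('java version "1.6.0_23"', "Java SE", "Linux"),
        ('java version "1.6.0_24"', "Java SE", "Windows"),
        ('java version "1.5.0_27"', "Java for Business", "Windows"),
        ('java version "1.5.0_27"', "Java SE", "Windows"),
    ]:
        print(line, product, platform, "->", is_affected(line, product, platform))
```

A `None` result means the advisory does not list that combination; it is not a statement that the installation is safe.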

4.0 Recommendation

Oracle released a security update for this issue on February 8, 2011. Users are highly encouraged to download the most recent release of Java JDK and JRE to address this vulnerability. Download is available at the following URL:

Generally, MyCERT advises users of this product to keep up to date with the latest security announcements from the vendor. Users who receive suspicious applets or URLs can forward them to MyCERT for further analysis.

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References

1. http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html