Oracle Java SE Installer on Windows Arbitrary Code Execution

Severity: High, Nessus Plugin ID: 88755


The remote Windows host contains a programming platform that is affected by an arbitrary code execution vulnerability.


The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. It is, therefore, affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors.


Discard any installers for versions of Oracle JDK / JRE prior to 8 Update 73, 7 Update 97, or 6 Update 113. Additionally, check for malicious software or abnormal behavior.

Plugin Details

Severity: High

ID: 88755

File Name: oracle_java_installer_CVE-2016-0603.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2016/02/16

Modified: 2016/04/28

Dependencies: 33545

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: SMB/Java/JRE/Installed, Settings/ParanoidReport, SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/02/05

Vulnerability Publication Date: 2016/02/05

Reference Information

CVE: CVE-2016-0603

BID: 83008

OSVDB: 134100