Oracle Java SE Installer on Windows Arbitrary Code Execution
High Nessus Plugin ID 88755
Synopsis
The remote Windows host contains a programming platform that is affected by an arbitrary code execution vulnerability.

Description
The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. It is, therefore, affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors.

Solution
Discard any installers for versions of Oracle JDK / JRE prior to 8 Update 73, 7 Update 97, or 6 Update 113. Additionally, check for malicious software or abnormal behavior.
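
One way to triage a collected list of installer file names against the fixed update levels above. This is an added example, not part of the Nessus plugin; the file-name pattern (jre-8u71-windows-x64.exe style) is an assumption about how the installers are named, and the sample names are constructed.

```python
import re

# Fixed update levels from the advisory: 8 Update 73, 7 Update 97, 6 Update 113.
FIXED_UPDATE = {8: 73, 7: 97, 6: 113}

# Assumed naming convention: <jre|jdk>-<major>[u<update>]-windows-<arch>.<exe|msi>
INSTALLER_RE = re.compile(
    r"^(?:jre|jdk)-(?P<major>\d+)(?:u(?P<update>\d+))?-windows-[\w-]+\.(?:exe|msi)$",
    re.IGNORECASE,
)

def classify_installer(filename):
    """Return 'discard', 'ok' or 'unknown' for one installer file name."""
    m = INSTALLER_RE.match(filename.strip())
    if not m:
        return "unknown"              # renamed or unrelated file: review manually
    major = int(m.group("major"))
    update = int(m.group("update") or 0)  # a GA release has no 'uNN' component
    fixed = FIXED_UPDATE.get(major)
    if fixed is None:
        return "unknown"              # family not covered by the advisory
    return "discard" if update < fixed else "ok"

def triage(filenames):
    """Group file names by verdict so the 'discard' set can be removed."""
    result = {"discard": [], "ok": [], "unknown": []}
    for name in filenames:
        result[classify_installer(name)].append(name)
    return result

if __name__ == "__main__":
    # Constructed sample input, e.g. gathered from users' Downloads folders.
    sample = [
        "jre-8u71-windows-x64.exe",
        "jre-8u73-windows-x64.exe",
        "jdk-7-windows-i586.exe",
        "jre-6u45-windows-i586.exe",
        "setup.exe",
    ]
    for verdict, names in triage(sample).items():
        print(verdict, names)
```

Name-based triage misses installers that were renamed, so anything reported as unknown still needs a manual check of the file's version properties.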