Oracle Java SE 7 < Update 131 / 8 < Update 121 Arbitrary Code Execution
High Nessus Network Monitor Plugin ID 9948
SynopsisThe remote host is missing a critical Oracle Java SE patch update.
DescriptionThe version of Oracle Java SE installed on the remote host is prior to 7 Update 131, or 8 Update 121 and is affected by a flaw in the AWT subcomponent that is triggered when handling menu items. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code outside of intended sandbox restrictions.
SolutionUpgrade to Java 1.8.0_121 or later. If version 1.8.x cannot be obtained, version 1.7.0_131 is also patched for this vulnerability.