Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Oracle Java SE 6 < Update 113 / 7 < Update 97 / 8 < Update 73 Arbitrary Code Execution

High

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The Oracle Java SE installed on the remote host is version 6 prior to Update 113, 7 prior to Update 97, or 8 prior to Update 73 and is affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors.

Solution

Update to Java 1.6.0_113 (for JRE 6) / 1.7.0_97 (for JRE 7) / 1.8.0_73 (for JRE 8) or later.