/
Security Response/
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Risk

High

Date Discovered

December 3, 2008

Description

Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers. These issues affect versions *prior to* the following: JDK and JRE 6 Update 11 JDK and JRE 5.0 Update 17 SDK and JRE 1.4.2_19 SDK and JRE 1.3.1_24

Technologies Affected

Apple Mac OS X 10.4.0
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.9
Apple Mac OS X 10.5
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.7
Apple Mac OS X Server 10.4.0
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.7
Avaya CMS Server 10.0.0
Avaya CMS Server 11.0.0
Avaya CMS Server 12.0.0
Avaya CMS Server 13.0.0
Avaya CMS Server 13.1
Avaya CMS Server 14.0
Avaya CMS Server 14.1
Avaya CMS Server 8.0.0
Avaya CMS Server 9.0.0
Avaya CMS Supervisor
Avaya Interactive Response 2.0
Avaya Interactive Response 3.0
Avaya Interactive Response 4.0
Avaya Proactive Contact 3.0
Avaya Proactive Contact 3.0.2
Gentoo Linux
HP HP-UX B.11.11
HP HP-UX B.11.23
HP HP-UX B.11.31
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.53
HP Serviceguard Manager A.05.00
HP Serviceguard Manager A.05.01
HP Serviceguard Manager A.05.02
Nortel Networks Contact Center - CCT
Nortel Networks Enterprise Network Management System
Nortel Networks Self Service VoiceXML
Nortel Networks Self-Service - CCSS7
Nortel Networks Self-Service MPS 100
Nortel Networks Self-Service MPS 1000
Nortel Networks Self-Service MPS 500
Nortel Networks Self-Service Media Processing Server
Nortel Networks Self-Service Peri Application
Nortel Networks Self-Service Speech Server
Nortel Networks Self-Service WVADS
Pardus Linux 2008
Red Hat Desktop Extras 3
Red Hat Desktop Extras 4
Red Hat Enterprise Linux AS Extras 3
Red Hat Enterprise Linux AS Extras 4
Red Hat Enterprise Linux Desktop Supplementary 5 client
Red Hat Enterprise Linux ES Extras 3
Red Hat Enterprise Linux ES Extras 4
Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Supplementary 5 server
Red Hat Enterprise Linux WS Extras 3
Red Hat Enterprise Linux WS Extras 4
Red Hat Enterprise Linux for SAP
Red Hat Fedora 9
SuSE CORE 9
SuSE Novell Linux Desktop 9.0.0
SuSE Novell Linux POS 9
SuSE Open-Enterprise-Server
SuSE SUSE Linux Enterprise 10
SuSE SUSE Linux Enterprise 11
SuSE SUSE Linux Enterprise Desktop 10 SP2
SuSE SUSE Linux Enterprise SDK 10 SP2
SuSE SUSE Linux Enterprise Server 10 SP2
SuSE SUSE Linux Enterprise Server 11
SuSE SUSE Linux Enterprise Server 11 DEBUGINFO
SuSE SUSE Linux Enterprise Server 9
SuSE openSUSE 10.3
SuSE openSUSE 11.0
SuSE openSUSE 11.1
Sun JDK (Linux Production Release) 1.5.0 .0_05
Sun JDK (Linux Production Release) 1.5.0 0_10
Sun JDK (Linux Production Release) 1.5.0 _07
Sun JDK (Linux Production Release) 1.5.0.0_03
Sun JDK (Linux Production Release) 1.5.0.0_04
Sun JDK (Linux Production Release) 1.5.0.0_08
Sun JDK (Linux Production Release) 1.5.0.0_09
Sun JDK (Linux Production Release) 1.5.0.0_11
Sun JDK (Linux Production Release) 1.5.0.0_12
Sun JDK (Linux Production Release) 1.5.0_01
Sun JDK (Linux Production Release) 1.5.0_02
Sun JDK (Linux Production Release) 1.5.0_06
Sun JDK (Linux Production Release) 1.5.0_13
Sun JDK (Linux Production Release) 1.5.0_14
Sun JDK (Linux Production Release) 1.5.0_15
Sun JDK (Linux Production Release) 1.6.0
Sun JDK (Linux Production Release) 1.6.0_01
Sun JDK (Linux Production Release) 1.6.0_02
Sun JDK (Linux Production Release) 1.6.0_03
Sun JDK (Linux Production Release) 1.6.0_04
Sun JDK (Linux Production Release) 1.6.0_05
Sun JDK (Linux Production Release) 1.6.0_06
Sun JDK (Linux Production Release) 1.6.0_07
Sun JDK (Linux Production Release) 1.6.0_10
Sun JDK (Solaris Production Release) 1.5.0_15
Sun JRE (Linux Production Release) 1.1.6_09
Sun JRE (Linux Production Release) 1.1.7B_07
Sun JRE (Linux Production Release) 1.1.8_06
Sun JRE (Linux Production Release) 1.2.1_04
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Linux Production Release) 1.2.2 _003
Sun JRE (Linux Production Release) 1.2.2 _004
Sun JRE (Linux Production Release) 1.2.2 _005
Sun JRE (Linux Production Release) 1.2.2 _006
Sun JRE (Linux Production Release) 1.2.2 _007
Sun JRE (Linux Production Release) 1.2.2 _010
Sun JRE (Linux Production Release) 1.2.2 _011
Sun JRE (Linux Production Release) 1.2.2 _013
Sun JRE (Linux Production Release) 1.2.2 _014
Sun JRE (Linux Production Release) 1.2.2 _015
Sun JRE (Linux Production Release) 1.2.2 _12
Sun JRE (Linux Production Release) 1.3.0 .0
Sun JRE (Linux Production Release) 1.3.0 .0_01
Sun JRE (Linux Production Release) 1.3.0 .0_02
Sun JRE (Linux Production Release) 1.3.0 .0_03
Sun JRE (Linux Production Release) 1.3.0 .0_04
Sun JRE (Linux Production Release) 1.3.0 .0_05
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1 _02
Sun JRE (Linux Production Release) 1.3.1 _03
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _07
Sun JRE (Linux Production Release) 1.3.1 _08
Sun JRE (Linux Production Release) 1.3.1 _09
Sun JRE (Linux Production Release) 1.3.1 _10
Sun JRE (Linux Production Release) 1.3.1 _11
Sun JRE (Linux Production Release) 1.3.1 _12
Sun JRE (Linux Production Release) 1.3.1 _13
Sun JRE (Linux Production Release) 1.3.1 _14
Sun JRE (Linux Production Release) 1.3.1 _21
Sun JRE (Linux Production Release) 1.3.1_01a
Sun JRE (Linux Production Release) 1.3.1_04
Sun JRE (Linux Production Release) 1.3.1_15
Sun JRE (Linux Production Release) 1.3.1_16
Sun JRE (Linux Production Release) 1.3.1_17
Sun JRE (Linux Production Release) 1.3.1_18
Sun JRE (Linux Production Release) 1.3.1_19
Sun JRE (Linux Production Release) 1.3.1_20
Sun JRE (Linux Production Release) 1.3.1_21
Sun JRE (Linux Production Release) 1.3.1_22
Sun JRE (Linux Production Release) 1.3.1_23
Sun JRE (Linux Production Release) 1.4.0
Sun JRE (Linux Production Release) 1.4.0 .0_02
Sun JRE (Linux Production Release) 1.4.0 .0_03
Sun JRE (Linux Production Release) 1.4.0 .0_04
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Linux Production Release) 1.4.1 _01
Sun JRE (Linux Production Release) 1.4.1 _02
Sun JRE (Linux Production Release) 1.4.1 _03
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.2 _01
Sun JRE (Linux Production Release) 1.4.2 _02
Sun JRE (Linux Production Release) 1.4.2 _03
Sun JRE (Linux Production Release) 1.4.2 _04
Sun JRE (Linux Production Release) 1.4.2 _05
Sun JRE (Linux Production Release) 1.4.2 _06
Sun JRE (Linux Production Release) 1.4.2_07
Sun JRE (Linux Production Release) 1.4.2_08
Sun JRE (Linux Production Release) 1.4.2_09
Sun JRE (Linux Production Release) 1.4.2_10
Sun JRE (Linux Production Release) 1.4.2_10-b03
Sun JRE (Linux Production Release) 1.4.2_11
Sun JRE (Linux Production Release) 1.4.2_12
Sun JRE (Linux Production Release) 1.4.2_13
Sun JRE (Linux Production Release) 1.4.2_14
Sun JRE (Linux Production Release) 1.4.2_15
Sun JRE (Linux Production Release) 1.4.2_16
Sun JRE (Linux Production Release) 1.4.2_17
Sun JRE (Linux Production Release) 1.4.2_18
Sun JRE (Linux Production Release) 1.5.0
Sun JRE (Linux Production Release) 1.5.0 .0 beta
Sun JRE (Linux Production Release) 1.5.0_01
Sun JRE (Linux Production Release) 1.5.0_02
Sun JRE (Linux Production Release) 1.5.0_03
Sun JRE (Linux Production Release) 1.5.0_04
Sun JRE (Linux Production Release) 1.5.0_05
Sun JRE (Linux Production Release) 1.5.0_06
Sun JRE (Linux Production Release) 1.5.0_07
Sun JRE (Linux Production Release) 1.5.0_08
Sun JRE (Linux Production Release) 1.5.0_09
Sun JRE (Linux Production Release) 1.5.0_10
Sun JRE (Linux Production Release) 1.5.0_11
Sun JRE (Linux Production Release) 1.5.0_12
Sun JRE (Linux Production Release) 1.5.0_13
Sun JRE (Linux Production Release) 1.5.0_14
Sun JRE (Linux Production Release) 1.5.0_15
Sun JRE (Linux Production Release) 1.5.0_16
Sun JRE (Linux Production Release) 1.6.0
Sun JRE (Linux Production Release) 1.6.0_01
Sun JRE (Linux Production Release) 1.6.0_02
Sun JRE (Linux Production Release) 1.6.0_03
Sun JRE (Linux Production Release) 1.6.0_04
Sun JRE (Linux Production Release) 1.6.0_05
Sun JRE (Linux Production Release) 1.6.0_06
Sun JRE (Linux Production Release) 1.6.0_07
Sun JRE (Linux Production Release) 1.6.0_10
Sun JRE (Solaris Production Release) 1.1.6
Sun JRE (Solaris Production Release) 1.1.7 B
Sun JRE (Solaris Production Release) 1.1.8
Sun JRE (Solaris Production Release) 1.1.8 _009
Sun JRE (Solaris Production Release) 1.1.8 _10
Sun JRE (Solaris Production Release) 1.1.8 _12
Sun JRE (Solaris Production Release) 1.1.8 _13
Sun JRE (Solaris Production Release) 1.1.8 _14
Sun JRE (Solaris Production Release) 1.2.0
Sun JRE (Solaris Production Release) 1.2.1
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.2.2 _012
Sun JRE (Solaris Production Release) 1.2.2 _013
Sun JRE (Solaris Production Release) 1.2.2 _014
Sun JRE (Solaris Production Release) 1.2.2 _05a
Sun JRE (Solaris Production Release) 1.2.2 _07
Sun JRE (Solaris Production Release) 1.2.2 _11
Sun JRE (Solaris Production Release) 1.3.0
Sun JRE (Solaris Production Release) 1.3.0 .0_02
Sun JRE (Solaris Production Release) 1.3.0 .0_05
Sun JRE (Solaris Production Release) 1.3.0_01
Sun JRE (Solaris Production Release) 1.3.0_03
Sun JRE (Solaris Production Release) 1.3.0_04
Sun JRE (Solaris Production Release) 1.3.1
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.3.1 _01a
Sun JRE (Solaris Production Release) 1.3.1 _02
Sun JRE (Solaris Production Release) 1.3.1 _03
Sun JRE (Solaris Production Release) 1.3.1 _04
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.3.1 _08
Sun JRE (Solaris Production Release) 1.3.1 _09
Sun JRE (Solaris Production Release) 1.3.1 _10
Sun JRE (Solaris Production Release) 1.3.1 _11
Sun JRE (Solaris Production Release) 1.3.1 _12
Sun JRE (Solaris Production Release) 1.3.1 _13
Sun JRE (Solaris Production Release) 1.3.1 _14
Sun JRE (Solaris Production Release) 1.3.1_15
Sun JRE (Solaris Production Release) 1.3.1_16
Sun JRE (Solaris Production Release) 1.3.1_17
Sun JRE (Solaris Production Release) 1.3.1_18
Sun JRE (Solaris Production Release) 1.3.1_19
Sun JRE (Solaris Production Release) 1.3.1_20
Sun JRE (Solaris Production Release) 1.3.1_21
Sun JRE (Solaris Production Release) 1.3.1_22
Sun JRE (Solaris Production Release) 1.3.1_23
Sun JRE (Solaris Production Release) 1.4.0
Sun JRE (Solaris Production Release) 1.4.0 .0_01
Sun JRE (Solaris Production Release) 1.4.0 .0_02
Sun JRE (Solaris Production Release) 1.4.0 .0_03
Sun JRE (Solaris Production Release) 1.4.0 .0_04
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.4.1 _01
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1 _03
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2 _01
Sun JRE (Solaris Production Release) 1.4.2 _02
Sun JRE (Solaris Production Release) 1.4.2 _03
Sun JRE (Solaris Production Release) 1.4.2 _04
Sun JRE (Solaris Production Release) 1.4.2 _05
Sun JRE (Solaris Production Release) 1.4.2 _06
Sun JRE (Solaris Production Release) 1.4.2_07
Sun JRE (Solaris Production Release) 1.4.2_08
Sun JRE (Solaris Production Release) 1.4.2_09
Sun JRE (Solaris Production Release) 1.4.2_10
Sun JRE (Solaris Production Release) 1.4.2_11
Sun JRE (Solaris Production Release) 1.4.2_12
Sun JRE (Solaris Production Release) 1.4.2_13
Sun JRE (Solaris Production Release) 1.4.2_14
Sun JRE (Solaris Production Release) 1.4.2_15
Sun JRE (Solaris Production Release) 1.4.2_16
Sun JRE (Solaris Production Release) 1.4.2_17
Sun JRE (Solaris Production Release) 1.4.2_18
Sun JRE (Solaris Production Release) 1.5.0
Sun JRE (Solaris Production Release) 1.5.0 _01
Sun JRE (Solaris Production Release) 1.5.0.0_07
Sun JRE (Solaris Production Release) 1.5.0.0_08
Sun JRE (Solaris Production Release) 1.5.0.0_09
Sun JRE (Solaris Production Release) 1.5.0_02
Sun JRE (Solaris Production Release) 1.5.0_03
Sun JRE (Solaris Production Release) 1.5.0_04
Sun JRE (Solaris Production Release) 1.5.0_05
Sun JRE (Solaris Production Release) 1.5.0_06
Sun JRE (Solaris Production Release) 1.5.0_10
Sun JRE (Solaris Production Release) 1.5.0_11
Sun JRE (Solaris Production Release) 1.5.0_12
Sun JRE (Solaris Production Release) 1.5.0_13
Sun JRE (Solaris Production Release) 1.5.0_14
Sun JRE (Solaris Production Release) 1.5.0_15
Sun JRE (Solaris Production Release) 1.6.0_01
Sun JRE (Solaris Production Release) 1.6.0_02
Sun JRE (Solaris Production Release) 1.6.0_03
Sun JRE (Solaris Production Release) 1.6.0_2
Sun JRE (Windows Production Release) 1.1.6_09
Sun JRE (Windows Production Release) 1.1.7 B_007
Sun JRE (Windows Production Release) 1.1.8
Sun JRE (Windows Production Release) 1.1.8 _005
Sun JRE (Windows Production Release) 1.1.8 _007
Sun JRE (Windows Production Release) 1.1.8 _008
Sun JRE (Windows Production Release) 1.1.8 _009
Sun JRE (Windows Production Release) 1.2.0
Sun JRE (Windows Production Release) 1.2.1
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.2.2 _007
Sun JRE (Windows Production Release) 1.2.2 _010
Sun JRE (Windows Production Release) 1.2.2 _011
Sun JRE (Windows Production Release) 1.2.2 _013
Sun JRE (Windows Production Release) 1.2.2 _014
Sun JRE (Windows Production Release) 1.2.2 _015
Sun JRE (Windows Production Release) 1.2.2 _12
Sun JRE (Windows Production Release) 1.3.0
Sun JRE (Windows Production Release) 1.3.0 .0_02
Sun JRE (Windows Production Release) 1.3.0 .0_04
Sun JRE (Windows Production Release) 1.3.0 .0_05
Sun JRE (Windows Production Release) 1.3.0 _01
Sun JRE (Windows Production Release) 1.3.1
Sun JRE (Windows Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.3.1 _02
Sun JRE (Windows Production Release) 1.3.1 _03
Sun JRE (Windows Production Release) 1.3.1 _04
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.3.1 _08
Sun JRE (Windows Production Release) 1.3.1 _09
Sun JRE (Windows Production Release) 1.3.1 _10
Sun JRE (Windows Production Release) 1.3.1 _11
Sun JRE (Windows Production Release) 1.3.1 _12
Sun JRE (Windows Production Release) 1.3.1 _13
Sun JRE (Windows Production Release) 1.3.1 _14
Sun JRE (Windows Production Release) 1.3.1_15
Sun JRE (Windows Production Release) 1.3.1_16
Sun JRE (Windows Production Release) 1.3.1_17
Sun JRE (Windows Production Release) 1.3.1_18
Sun JRE (Windows Production Release) 1.3.1_19
Sun JRE (Windows Production Release) 1.3.1_20
Sun JRE (Windows Production Release) 1.3.1_21
Sun JRE (Windows Production Release) 1.3.1_22
Sun JRE (Windows Production Release) 1.3.1_23
Sun JRE (Windows Production Release) 1.4.0
Sun JRE (Windows Production Release) 1.4.0 .0_01
Sun JRE (Windows Production Release) 1.4.0 .0_02
Sun JRE (Windows Production Release) 1.4.0 .0_03
Sun JRE (Windows Production Release) 1.4.0 .0_04
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4.1 _01
Sun JRE (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.4.1 _07
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2 _01
Sun JRE (Windows Production Release) 1.4.2 _02
Sun JRE (Windows Production Release) 1.4.2 _03
Sun JRE (Windows Production Release) 1.4.2 _04
Sun JRE (Windows Production Release) 1.4.2 _05
Sun JRE (Windows Production Release) 1.4.2 _06
Sun JRE (Windows Production Release) 1.4.2_07
Sun JRE (Windows Production Release) 1.4.2_08
Sun JRE (Windows Production Release) 1.4.2_09
Sun JRE (Windows Production Release) 1.4.2_10
Sun JRE (Windows Production Release) 1.4.2_11
Sun JRE (Windows Production Release) 1.4.2_12
Sun JRE (Windows Production Release) 1.4.2_13
Sun JRE (Windows Production Release) 1.4.2_14
Sun JRE (Windows Production Release) 1.4.2_15
Sun JRE (Windows Production Release) 1.4.2_16
Sun JRE (Windows Production Release) 1.4.2_17
Sun JRE (Windows Production Release) 1.4.2_18
Sun JRE (Windows Production Release) 1.5.0
Sun JRE (Windows Production Release) 1.5.0.0_07
Sun JRE (Windows Production Release) 1.5.0.0_08
Sun JRE (Windows Production Release) 1.5.0.0_09
Sun JRE (Windows Production Release) 1.5.0_01
Sun JRE (Windows Production Release) 1.5.0_02
Sun JRE (Windows Production Release) 1.5.0_03
Sun JRE (Windows Production Release) 1.5.0_04
Sun JRE (Windows Production Release) 1.5.0_05
Sun JRE (Windows Production Release) 1.5.0_06
Sun JRE (Windows Production Release) 1.5.0_10
Sun JRE (Windows Production Release) 1.5.0_11
Sun JRE (Windows Production Release) 1.5.0_12
Sun JRE (Windows Production Release) 1.5.0_13
Sun JRE (Windows Production Release) 1.5.0_14
Sun JRE (Windows Production Release) 1.6.0_01
Sun JRE (Windows Production Release) 1.6.0_02
Sun JRE (Windows Production Release) 1.6.0_03
Sun JRE (Windows Production Release) 1.6.0_2
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 sparc
VMWare ESX Server 3.0.3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
VMWare ESXi Server 4.0
VMWare VirtualCenter 2.0.2
VMWare VirtualCenter 2.5
VMWare vCenter 4.0

Recommendations

Block external access at the network boundary, unless external parties require service.

If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Run all software as a nonprivileged user with minimal access rights.

To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.

Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.

Do not use client software to visit sites of unknown or questionable integrity. This may limit exposure to this and other latent vulnerabilities.

Updates are available. Please see the references for more information.

References

Credits

An anonymous researcher working with ZDI, iDefense, Sebastian Apelt working with iDefense, Peter Csepely working with ZDI, Virtual Security Research, Billy Rios of Microsoft and Nate, Mcfeters of Ernst and Young, Peter Csepely working with ZDI and John Heasman of NGSSoftware, Francisco Amato, Stefan Middendorf from Cirosec, Sami Koivu, regenrecht working with iDefense, Henri Torgemane and Sami Koivu, Jan Grant of Bristol University, Adam Gowdiak, University of Oulu

Copyright © Symantec Corporation.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Threat Intelligence

threatintel: Why #Email is a Key to Your Castle http://t.co/fWhN07kH5M #2factor
20:30 PM May.21

threatintel: #Symantec protection and information on Operation Hangover http://t.co/Zo0J7PCDzF #Cyberespionage
13:50 PM May.20

threatintel: New Targeted Attack Uses Old Vulnerabilities #SafeNet http://t.co/SNtakL2Yqj #APT
11:50 AM May.17

Follow the Threat Intelligence Twitter feed

STAR Antimalware Protection Technologies

Internet Security Threat Report, Volume 17

Symantec [+]
Norton [+]
- AntiVirus|
- Norton Store|
- Internet Security|
- Mac AntiVirus|
- Mobile Security|
- Norton|
- Spyware|
- Virus Protection|
- Virus Removal|
- Virus Scan
Website Security Solutions [+]
PC Tools [+]

PRODUCTS & SERVICES

POPULAR PRODUCTS

SOLUTIONS

HOW TO BUY

RESOURCES

COMMUNITIES: SYMANTEC CONNECT

Trust the Leader

Symantec SSL Certificates

PRODUCT SUPPORT

PRODUCT SUPPORT FOR ACQUIRED COMPANIES

LICENSING & ACCOUNT MANAGEMENT ASSISTANCE

BUSINESS SUPPORT RESOURCES

COMMUNITIES: SYMANTEC CONNECT

NORTON COMMUNITY

SOCIAL MEDIA

Information Unleashed

The Official Voice of Symantec

STAY SECURE

Updates

Repair

BE INFORMED

24/7 Reporting

Security Technology and Response

PUBLICATIONS

CONTACT US ABOUT

2013 Internet Security Threat Report

Symantec data and analysis on the threat landscape.

TRIALWARE

All Business Trialware

BUY ONLINE

Website Security Solutions

Shop All Business

SHOP NORTON

Most Popular

New Products

My Norton Product

See all Norton offerings

Double your peace of mind and save 15%

Endpoint Protection Small Business Edition 2013 + Backup Exec.cloud Bundle