1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: JRE Soundbank CVE-2010-0094

Web Attack: JRE Soundbank CVE-2010-0094

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to download exploits from a toolkit that may compromise a computer through this Java vulnerability.

Additional Information

Oracle Java SE and Java for Business are prone to a remote vulnerability in Java Runtime Environment.

The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability.

Specifically, this issue occurs because of a lack of privilege checks when 'RMIConnectionImpl' objects are deserialized. Attackers can supply code to the constructor while a 'ClassLoader' object is being deserialized, allowing system-level Java functions to be accessed without proper sandboxing.

Affected

  • This vulnerability affects the following supported versions:
  • 6 Update 18, 5.0 Update 23

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube