1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Malicious Java Download 6

Web Attack: Malicious Java Download 6

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects vulnerability in JRE Java which may result in remote code execution.

Additional Information

Oracle Java SE is prone to a remote denial-of-service vulnerability in Java Runtime Environment. Specifically, the issue occurs because the application fails to properly check if an array is of an expected Object[] type. An attacker can exploit this issue to cause Java Virtual Machine to crash or bypass Java sandbox restrictions.

An attacker can exploit this issue to cause the application to crash, denying service to legitimate users.

This vulnerability affects the following supported versions:
7 Update 2, 6 Update 30, 5.0 Update 33

Affected

  • Oracle Java 7 Update 2, 6 Update 30, 5.0 Update 33

Response

Updates are available. Please see the references for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube