27 Aug 2012
24 Dec 2012
Oracle Java JDK 1.7.x / 7.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Three vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to compromise a user's system.
1) An error in how the "setSecurityManager()" method can be called can be exploited by an applet to set its own privileges, e.g. to allow downloading and executing arbitrary programs.
NOTE: This is currently being actively exploited in targeted attacks.
2) An error when handling reflections within the java.beans.Expression class can be exploited to compromise a user's system.
3) An unspecified error in the Beans sub-component can be exploited to compromise a user's system.
Successful exploitation of the vulnerabilities allows execution of arbitrary code, but applies to client deployment only as the vulnerabilities are exploited through untrusted Java Web Start applications and untrusted Java applets.
Update to version 7 Update 7.
NOTE: The updated version also applies a defense-in-depth security fix to address an issue that makes exploitation of other vulnerabilities more severe. This fix is also implemented in version 6 Update 35.
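To check whether a host has actually received the update the advisory calls for, the first line of `java -version` output can be parsed and compared against the fixed levels named above (7 Update 7 for the three vulnerabilities, 6 Update 35 for the defense-in-depth fix). The following is an added example written for this page, not code from the advisory or from Oracle; the banner strings it processes are constructed samples, and the status labels are this example's own naming.

```python
import re
from typing import Optional, Tuple

# Fixed levels taken from the advisory text: the three vulnerabilities are
# fixed in 7 Update 7; the defense-in-depth fix is also present in 6 Update 35.
FIXED_UPDATE = {7: 7, 6: 35}

# Matches the first line of `java -version` output, e.g. 'java version "1.7.0_06"'.
VERSION_RE = re.compile(r'(?:java|openjdk) version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (family, update) from a `java -version` banner line.

    'java version "1.7.0_06"' -> (7, 6). A release without an update suffix
    (e.g. "1.7.0") is treated as update 0. Returns None if the line is not
    recognised as a Java version banner.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0
    return family, update


def assess(banner: str) -> str:
    """Classify a banner line against the advisory's fixed levels."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unrecognised"
    family, update = parsed
    if family == 7:
        # The three vulnerabilities are reported for 7.x and fixed in 7u7.
        return "vulnerable" if update < FIXED_UPDATE[7] else "fixed"
    if family == 6:
        # Only the defense-in-depth fix is stated for 6.x, at 6u35.
        return ("missing-defense-in-depth-fix" if update < FIXED_UPDATE[6]
                else "has-defense-in-depth-fix")
    return "outside-advisory-scope"


# Constructed sample banners, not captured from any real host.
SAMPLE_BANNERS = [
    'java version "1.7.0_06"',
    'java version "1.7.0_07"',
    'java version "1.7.0"',
    'java version "1.6.0_33"',
    'java version "1.6.0_35"',
    'openjdk version "1.8.0_45"',
    'not a java banner',
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner:32} -> {assess(banner)}")
```

On a live host the banner comes from `java -version 2>&1 | head -n 1`, since the JVM prints its version to stderr; feed that single line to `assess()`. The check only covers the release levels this advisory names, so a "fixed" result means the update described here is installed, not that the installation is free of later issues.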
2) James Forshaw (tyranid) via ZDI
Reported as a 0-day.
The vendor also credits Adam Gowdiak, Security Explorations.