Java code-execution vuln exploited in drive-by attack

Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Java code-execution vuln exploited in drive-by attack

Hi All
Just seen this:
Quote from: Java code-execution vuln exploited in drive-by attack
Trivial to exploit
A popular song lyrics website has been found serving attack code that tries to exploit a critical vulnerability in Oracle's Java virtual machine, which is installed on hundreds of millions of computers worldwide.

OS that are affected:
Quote
The bug in the Java Web Start component has been confirmed exploitable on all recent versions of Windows by Ormandy and fellow researcher Ruben Santamarta of Spain-based security firm Wintercore. The latter researcher said a related flaw potentially affects Linux users as well.

Sorry to put this here but I cannot find "Everything Internet", so can a Forum Moderator move this to where it is meant to go?
3 REPLIES
alanf
Aspiring Pro
Posts: 1,931
Thanks: 77
Fixes: 1
Registered: 17-10-2007

Re: Java code-execution vuln exploited in drive-by attack

There is now Java 6 Update 20. I don't know if this cures the vulnerability.
http://www.java.com/en/download/inc/windows_upgrade_xpi.jsp
Loombucket
Grafter
Posts: 314
Registered: 09-06-2007

Re: Java code-execution vuln exploited in drive-by attack

I've already met this one - it served up a rogue antivirus from a music site, only a few minutes before the Java automatic update served up the patch.
The customer wasn't stupid though - shut the machine down instantly and yelled for help - so the removal was straightforward.
Steve
Pro
Posts: 6,679
Thanks: 247
Registered: 13-07-2009

Re: Java code-execution vuln exploited in drive-by attack

Quote from: alanf
There is now Java 6 Update 20. I don't know if this cures the vulnerability.
http://www.java.com/en/download/inc/windows_upgrade_xpi.jsp
Yes it does fix the problem.