This affects all versions of Oracle Java (JRE 1.7 Update 10 and earlier), including both the JRE and JRE browser plugins.
From US DHS CERT:
Quote:
This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.
Impact
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
Solution
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable Java in web browsers
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details.