PROBLEM:
Oracle Java Flaw Lets Remote Users Execute Arbitrary Code
PLATFORM:
Oracle Java 5 Update 40, 6 Update 41, 7 Update 15
ABSTRACT:
A vulnerability was reported in Oracle Java
REFERENCE LINKS:
SecurityTracker Alert ID: 1028237
Oracle Security Alert for CVE-2013-1493
CVE-2013-1493
CVE-2013-0809
IMPACT ASSESSMENT:
High
DISCUSSION:
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
IMPACT:
A remote user can cause arbitrary code to be executed on the target user's system.
SOLUTION:
The vendor has issued a fix (5 Update 41, 6 Update 43, 7 Update 17).