The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Java JRE/JDK 6: code execution via Java Plug-in

Synthesis of the vulnerability 

An attacker can create an HTML page containing a malicious Java applet, in order to execute code on the victim's computer.
Vulnerable products: Java OpenJDK, Java Oracle, RHEL.
Severity of this weakness: 3/4.
Creation date: 16/04/2010.
References of this bulletin: BID-39492, CVE-2010-0887, RHSA-2010:0356-02, RHSA-2010:0549-01, VIGILANCE-VUL-9594.

Description of the vulnerability 

The Java Plug-in is called to display Java applets contained in an HTML page.

An unknown vulnerability in the Java Plug-in can be used to execute code. Versions 6 Update 18 and 19 are impacted on Windows, Solaris and Linux, installed on a 32-bit processor.

An attacker can therefore create an HTML page containing a malicious Java applet, in order to execute code on the victim's computer.

This computer weakness bulletin impacts software or systems such as Java OpenJDK, Java Oracle, RHEL.

Our Vigil@nce team determined that the severity of this threat is important.

The trust level is "confirmed by the editor", with "document" as the origin.

An attacker with expert ability can exploit this threat.

Solutions for this threat 

Java JRE/JDK: version 6 Update 20.
Version 6 Update 20 is corrected:
  http://java.sun.com/javase/downloads/index.jsp
  http://java.com/

RHEL 4E, 5S: new java-1.6.0-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras:
  java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4
Red Hat Enterprise Linux version 5 Supplementary:
  java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5

RHEL 4E, 5S: new java-1.6.0-sun packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras:
  java-1.6.0-sun-1.6.0.20-1jpp.1.el4
Red Hat Enterprise Linux version 5 Supplementary:
  java-1.6.0-sun-1.6.0.20-1jpp.1.el5
