Java exploit reported today

Posted: Fri Jan 11, 2013 1:36 pm
by bmw
Are there any effects on Zimbra based on this report?

US-CERT Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code

Instructions on how to disable Java from being used by the browser are at the bottom of the report. There is no reason to uninstall or remove it at this time. I'm sure Oracle Java and Open Source IcedTea developers will fix it shortly.
But reading the actual report, the impact is as stated below. Really, this is about phishing, where a scammer tries to lure you to click on a link that will perform this exploit.



By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.