AnsweredAssumed Answered

Is there any QID released for New Zero-Day Vulnerability Found in Java

Question asked by Jijo John on Sep 27, 2012

What is the QID for New Zero-Day Vulnerability Found in Java 5, 6 and 7 on 27th Sept,2012.

 

 
A critical vulnerability in all of the latest versions of Java SE software was discovered that would allow an attacker full remote control of a computer landing on a malicious site. The exploit developed by Adam Gowdiak and his team at Polish security consultancy Security Explorations enabled them to escape the Java security sandbox in Java SE 7. Java 5 and 6 also contain the same vulnerability. Oracle says 1.1 billion desktops currently run Java, which is also a plug-in for all major browsers.

The proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7.

 

Reference:

http://seclists.org/fulldisclosure/2012/Sep/170

               

http://threatpost.com/en_us/blogs/new-zero-day-vulnerability-found-java-5-6-and-7-11-billion-desktops-affected-092612?utm_source=Newsletter_092612&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=

Outcomes