AnsweredAssumed Answered

Is there any QID released for New Zero-Day Vulnerability Found in Java

Question asked by Jijo John on Sep 27, 2012

What is the QID for New Zero-Day Vulnerability Found in Java 5, 6 and 7 on 27th Sept,2012.


A critical vulnerability in all of the latest versions of Java SE software was discovered that would allow an attacker full remote control of a computer landing on a malicious site. The exploit developed by Adam Gowdiak and his team at Polish security consultancy Security Explorations enabled them to escape the Java security sandbox in Java SE 7. Java 5 and 6 also contain the same vulnerability. Oracle says 1.1 billion desktops currently run Java, which is also a plug-in for all major browsers.

The proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7.