Facebook Google Plus Twitter LinkedIn YouTube RSS 功能表 搜尋 Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Oracle Java SE 7 < Update 131 / 8 < Update 121 Arbitrary Code Execution

High

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle Java SE installed on the remote host is prior to 7 Update 131, or 8 Update 121 and is affected by a flaw in the AWT subcomponent that is triggered when handling menu items.This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code outside of intended sandbox restrictions.

解決方案

Upgrade to Java 1.8.0_121 or later.If version 1.8.x cannot be obtained, version 1.7.0_131 is also patched for this vulnerability.