Published: 2010-04-24T02:19+00:00
Last Updated: 2010-04-24T02:19+00:00
JVNTR-2010-14
Java Deployment Toolkit insufficient argument validation (VU#886582)
Overview
The Sun Java Deployment Toolkit plugin and ActiveX control perform insufficient argument validation, allowing an attacker to perform several attacks, including the execution of an arbitrary JAR file.
Event Information
| Date (UTC) | Description |
| 2010-04-16 13:13 |
US-CERT Oracle Releases Sun Java SE 1.6.0_20 US-CERT Current Activity Oracle has released Sun Java SE 1.6.0_20 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code. |
| 2010-04-16 02:41 |
JPCERT/CC JPCERT-AT-2010-0010: Vulnerabilities in Oracle Sun JDK and JRE |
| 2010-04-15 19:52 |
Oracle Oracle Security Alert CVE-2010-0886 |
| 2010-04-15 11:47 |
Symantec ThreatCON (2) => (2) Java Runtime Environment 1.6.0_20 is released which seems to address the code-execution vulnerability (BID 39346) affecting Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins. This issue is reported to be exploited in the wild. |
| 2010-04-14 15:00 |
Trend Micro JS_WEBSTART.A Exploiting vulnerability (CVE-2010-0886) |
| 2010-04-13 22:22 |
US-CERT TA10-103C: Adobe Reader and Acrobat Vulnerabilities Via US-CERT Mailing List |
| 2010-04-13 14:09 |
US-CERT Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability US-CERT Current Activity The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR file on the affected system. |
| 2010-04-09 16:47 |
Symantec ThreatCON (2) => (2) Oracle Java JRE, since version 6 Update 10 are prone to multiple remote code execution vulnerabilities (Other versions might also be affected). The issues stem from an insufficient validation of user-supplied input. |
| 2010-04-09 11:08 |
Java Deployment Toolkit Performs Insufficient Validation of Parameters Vulnerability Proof Of Concept (CVE-2010-1423) #Tested:cpe:/o:microsoft:windows_xp + cpe:/a:sun:jre:1.6.0:update19 |