Java exploit reported today

Industry info, happenings near you, and new product integrations. Hosting an event? Invite people here.
Post Reply
bmw
Advanced member
Advanced member
Posts: 108
Joined: Fri Sep 12, 2014 11:58 pm

Java exploit reported today

Post by bmw »

Are there any affects to Zimbra based on this report?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

US-CERT Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code

Instructions on how to disable Java from being used by the browser are at the bottom of the report. There is no reason to uninstall or remove it at this time. I'm sure Oracle Java and Open Source IcedTea developers will fix it shortly.
But reading the actual report, the impact is as such below. Really this is about phishing where a scammer tries to lure you to click on a link that will perform this exploit.

===

Impact

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
Post Reply