HP, IBM, and Sun Java products contain a vulnerability that could allow an unauthenticated, remote attacker to perform actions with elevated privileges.
The vulnerability is due to an error that may occur when the vulnerable products handle Java applets. An unauthenticated, remote attacker could exploit the vulnerability by convincing a user to visit a website that loads a malicious applet on the user's system. The malicious applet could allow the attacker to execute arbitrary commands with the privileges of the user who is running the web browser.
Functional code that exploits this vulnerability is publicly available.
HP, IBM, and Sun confirmed the vulnerability and released updated software.
Indicators of Compromise
The following Java products are vulnerable:
IBM JDK 1.4.2 SR12 and prior IBM JDK 5.0 SR8a and prior IBM JDK 6.0 SR2 and prior Sun JRE 6 Update 10 and prior Sun JDK 6 Update 10 and prior Sun JRE 5.0 Update 16 and prior Sun JDK 5.0 Update 16 and prior Sun SDK 1.4.2_18 and prior Sun JRE 1.4.2_18 and prior HP JDK and JRE 6.0.02 and prior HP JDK and JRE 5.0.14 and prior HP SDK and JRE 18.104.22.168 and prior
The vulnerability is due to an error that may occur when the Java Runtime Environment processes Calendar.read objects within Java applets. An unauthenticated, remote attacker could exploit this vulnerability by creating a Java applet that contains a malicious Calendar object and convincing a user to view that applet. This object could allow the attacker to break out of the Java sandbox and execute arbitrary code on the affected system with the privileges of the user.
Code execution will take place with the privileges of the user who is logged in. On platforms that grant users administrative privileges, such as certain versions of Microsoft Windows, an unauthenticated, remote attacker may be able to take control of the targeted systems. However, the attacker will gain the privileges of the current user on systems that restrict user privileges.
Administrators are advised to apply the appropriate update.
Users are advised not to visit untrusted websites.
Users are advised not to accept Java applets from untrusted sources.
Administrators are advised not to browse the Internet or accept files from untrusted sources on critical systems.
Administrators may consider removing older versions of the affected software that are likely to remain on the system, preventing these versions from being called and exploited.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM
THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products
Cisco Multivendor Vulnerability Alerts respond to vulnerabilities identified in third-party vendors' products. These alerts contain information compiled from diverse sources and provide comprehensive technical descriptions, objective analytical assessments, workarounds and practical safeguards, and links to vendor advisories and patches.