Vulnerability in Sun Java Discovered

On Friday two advisories were released about a serious Java vulnerability that opens current versions of Windows and Linux up to web based attacks.

Tavis Ormandy of Google and Ruben Santamarta both discovered the flaw independently. Ormandy notified Sun of the flaw and when Sun decided not to patch right away, published an advisory with a work around for the issue.

According to ZDNET Zero day the flaw occurs:

 “…because the Java-Plugin Browser is running “javaws.exe” without validating command-line parameters. These parameters can be controlled by attackers via specially crafted embed HTML tags within a Web page,” Santamarta warned.

For more information and a temporary solution see the full ZDNET Zero Day article.


One thought on “Vulnerability in Sun Java Discovered”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s