Kaspersky Threats

Description

Multiple serious vulnerabilities have been found in Oracle Java Runtime Environment & Java Development Kit: 5.61, 6.71, 7.51, 8. Malicious use of these vulnerabilities can affect confidentiality, integrity and availability, cause denial of service, obtain sensitive information or overwrite arbitrary files.

Below is a complete list of vulnerabilities

Vectors related to 2D, Libraries, Hotspot, JavaFX, Deployment, AWT, JAX-WS, JAXB, Security, Sound, JNDI, JAXP, Scripting, Javadoc and other unknown points can be exploited to affect confidentiality, integrity and availability.
Zero-size PLTE chunk or NULL palette, related to pngrtran.c and pngset.c.
Unintialized memory locations at get_sos from libjpeg (6b) & libjpeg-turbo (through 1.3.0).
Nonsecurely temporary files creation at unpacker::redirect_stdio from unpack200.

Original advisories

Oracle

CVE list

CVE-2013-6629
critical
CVE-2014-2414
critical
CVE-2014-2402
critical
CVE-2014-0446
critical
CVE-2014-0454
critical
CVE-2014-2427
critical
CVE-2014-2422
high
CVE-2014-2409
high
CVE-2014-0460
high
CVE-2013-6954
critical
CVE-2014-2410
critical
CVE-2014-2397
critical
CVE-2014-0456
critical
CVE-2014-2421
critical
CVE-2014-0429
critical
CVE-2014-0457
critical
CVE-2014-2398
warning
CVE-2014-0453
warning
CVE-2014-2413
warning
CVE-2014-0459
warning
CVE-2014-0464
warning
CVE-2014-0463
warning
CVE-2014-2401
critical
CVE-2014-2403
critical
CVE-2014-2420
warning
CVE-2014-1876
warning
CVE-2014-0452
critical
CVE-2014-2423
critical
CVE-2014-2412
critical
CVE-2014-2428
critical
CVE-2014-0458
critical
CVE-2014-0451
critical
CVE-2014-0455
critical
CVE-2014-0432
critical
CVE-2014-0448
critical
CVE-2014-0461
critical

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Oracle Java Runtime Environment & Java Development Kit

Description

Original advisories

Related products

CVE list

Read more