Kaspersky ID: KLA11076
Detect Date: 07/19/2017
Updated: 01/28/2026

Description

Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to gain privileges, read and write accessible data and cause a denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in the 2D subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
  2. An unspecified vulnerability in the Security subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  3. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  4. An unspecified vulnerability in the Scripting subcomponent of Java SE can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read/write access to all Java SE accessible data;
  5. An unspecified vulnerability in the Hotspot subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE and Java SE Embedded accessible data;
  6. Multiple unspecified vulnerabilities in the JavaFX subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  7. Multiple unspecified vulnerabilities in the Libraries subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  8. An unspecified vulnerability in the ImageIO subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  9. Multiple unspecified vulnerabilities in the JAXP subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  10. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely by supplying data to APIs in the specified Component through a web service to gain privileges;
  11. Multiple unspecified vulnerabilities in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read/write access to some of Java Advanced Management Console accessible data and cause a denial of service;
  12. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to get write access to some of Java SE accessible data;
  13. An unspecified vulnerability in the RMI subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  14. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to cause a denial of service;
  15. An unspecified vulnerability in the Serialization subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely by convincing a user to run untrusted code to cause a denial of service;
  16. An unspecified vulnerability in the AWT subcomponent of Java SE can be exploited remotely by convincing a user to run untrusted code to gain privileges;
  17. Multiple unspecified vulnerabilities in the JCE subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded and JRockit accessible data;
  18. An unspecified vulnerability in the Security subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to gain privileges;
  19. An unspecified vulnerability in the Server subcomponent of Java Advanced Management Console can be exploited remotely via unknown vectors to get read access to some of Java Advanced Management Console accessible data;
  20. An unspecified vulnerability in the Deployment subcomponent of Java SE can be exploited locally via unknown vectors to gain privileges;
  21. Multiple unspecified vulnerabilities in the Security subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to all Java SE, Java SE Embedded and JRockit accessible data;
  22. An unspecified vulnerability in the Security subcomponent of Java SE and Java SE Embedded can be exploited remotely by convincing a user to run untrusted code to get read access to some of Java SE and Java SE Embedded accessible data;
  23. An unspecified vulnerability in the JAX-WS subcomponent of Java SE, Java SE Embedded and JRockit can be exploited remotely via sandboxed Java Web Start applications, sandboxed Java applets or by supplying data to APIs in the specified Component through a web service to get read access to some of Java SE and Java SE Embedded accessible data and cause a denial of service.

Technical details

Vulnerability (20) applies to deployment of Java where the Java Auto Update is enabled.

NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.

Exploitation

Public exploits exist for this vulnerability.

CVE list

  • CVE-2017-10053 (high)
  • CVE-2017-10067 (critical)
  • CVE-2017-10074 (critical)
  • CVE-2017-10078 (critical)
  • CVE-2017-10081 (warning)
  • CVE-2017-10086 (critical)
  • CVE-2017-10087 (critical)
  • CVE-2017-10089 (critical)
  • CVE-2017-10090 (critical)
  • CVE-2017-10096 (critical)
  • CVE-2017-10102 (critical)
  • CVE-2017-10104 (high)
  • CVE-2017-10105 (warning)
  • CVE-2017-10107 (critical)
  • CVE-2017-10108 (high)
  • CVE-2017-10109 (high)
  • CVE-2017-10110 (critical)
  • CVE-2017-10111 (critical)
  • CVE-2017-10114 (critical)
  • CVE-2017-10115 (critical)
  • CVE-2017-10116 (critical)
  • CVE-2017-10117 (high)
  • CVE-2017-10118 (critical)
  • CVE-2017-10121 (high)
  • CVE-2017-10125 (high)
  • CVE-2017-10145 (high)
  • CVE-2017-10176 (critical)
  • CVE-2017-10193 (warning)
  • CVE-2017-10198 (high)
  • CVE-2017-10243 (high)
