#VU6712 Remote code execution in Oracle Java SE - CVE-2017-3289
Published: May 25, 2017 / Updated: November 22, 2018
Vulnerability identifier: #VU6712
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-3289
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Oracle Java SE
Oracle Java SE
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Hotspot component. A remote attacker can trick the victim into opening a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Hotspot component. A remote attacker can trick the victim into opening a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
Remediation
Install update from vendor's website.