Remote code execution in Oracle Java SE - CVE-2017-3260
Published: July 5, 2017 / Updated: November 22, 2018
Vulnerability identifier: #VU7334
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-3260
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle Java SE
Oracle Java SE
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE related to the AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
The weakness exists due to unknown error in Oracle Java SE related to the AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
How to mitigate CVE-2017-3260
Install update from vendor's website.