Arbitrary code execution in Oracle Java SE - CVE-2017-10125
Published: September 5, 2017
Vulnerability identifier: #VU8080
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-10125
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle Java SE
Detailed vulnerability description
The vulnerability allows an attacker with physical access to the system to execute arbitrary code on the target system.
The weakness exists due to an unknown error. A remote attacker can execute arbitrary code with elevated privileges and compromise the vulnerable system.
How to mitigate CVE-2017-10125
Install the update from the vendor's website.