#VU7334 Remote code execution in Oracle Java SE - CVE-2017-3260
Published: July 5, 2017 / Updated: November 22, 2018
Vulnerability identifier: #VU7334
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-3260
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Oracle Java SE
Oracle Java SE
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE related to the AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
The weakness exists due to unknown error in Oracle Java SE related to the AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
Remediation
Install update from vendor's website.